39001 matches found
CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload Exploit
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4.0 CVE : CVE-2014-10078,CVE-2014-1007...
WinMPG Video Convert Local Dos Exploit
Exploit Title: WinMPG Video Convert Local Dos Exploit Date: 15.03.2019 Vendor Homepage:http://www.winmpg.com Software Link: http://www.winmpg.com/down/WinMPGVideoConvert.zip Exploit Author: Achilles Tested Version: 9.3.5 and older ones Tested on: Windows XP SP3 EN 1.- Run python code :WinMPG.py 2...
Pegasus CMS 1.0 - (extra_fields.php) Plugin Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Pegasus extra_fields.php Plugin Remote Code Execution Date: 14 March 2019 Exploit Author: R3zk0n Vendor Homepage: https://www.wisdom.com.au/web/pegasus-cms Software Link: N/A Version: 1.0 Tested on: Linux CVE : N/A The Pegasus CM...
Intel Modular Server System 10.18 - CSRF (Change Admin Password) Vulnerability
Exploit for php platform in category web applications history.pushState'', 't00t', 'index.php' input type="hidden" name="dbTableUser1UserId" valu...
Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution Exploit
""" Exploit Title: Apache UNO API RCE Exploit Author: sud0woodo Vendor Homepage: https://www.apache.org/ Software Link: https://www.openoffice.org/api/ Version: LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 but really any version with the UNO API included Tested on: Ubuntu Mate 18.04 with kernel...
FTPGetter Standard 5.97.0.177 - Remote Code Execution Exploit
Exploit Title: FTPGetter Standard - v.5.97.0.177 Remote Code Execution Exploit Author: https://github.com/w4fz5uck5 | @w4fz5uck5 Vendor Homepage: https://www.ftpgetter.com Software Link: https://www.ftpgetter.com/ftpgettersetup.exe Version: v.5.97.0.177 Tested on: Windows 7 x64 CVE : CVE-2019-976...
WordPress GraceMedia Media Player 1.0 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications WordPress GraceMedia Media Player 1.0 Plugin - Local File Inclusion ============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel García...
Microsoft Windows MSHTML Engine - (Edit) Remote Code Execution Exploit
Exploit for windows platform in category local exploits Exploit Title: Microsoft Windows CVE-2019-0541 MSHTML Engine "Edit" Remote Code Execution Vulnerability Google Dork: N/A Date: March, 13 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.59_14 - Stored Cross-Site Scripting Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.59_14 Software Link: N/A Google Dork: N/A CVE:2019-8953...
Apache Tika-server < 1.18 - Command Injection Exploit
Description: This is a PoC for remote command execution in Apache Tika-server. Versions Affected: Tika-server versions " print "Example: python CVE-2018-1335.py localhost 9998 calc.exe" else: host = sys.argv1 port = sys.argv2 cmd = sys.argv3 url = host+":"+strport+"/meta" headers =...
Microsoft Windows .Reg File / Dialog Box Message Spoofing Exploit
The Windows registry editor allows specially crafted .reg filenames to spoof the default registry dialog warning box presented to an end user. This can potentially trick unsavvy users into choosing the wrong selection shown on the dialog box. Furthermore, we can deny the registry editor its abili...
WordPress Fastest Cache 0.8.9.0 Arbitrary File Deletion Exploit
WordPress WP Fastest Cache plugin versions 0.8.9.0 and below suffer from an arbitrary file deletion vulnerability. The WordPress plugin "WP Fastest Cache" 0 suffered from an arbitrary file deletion bug. Description A successful attack allows an unauthenticated attacker to specify a path to a...
robinbhandari FTP Remote Denial Of Service Exploit
Title: CVE-2019-9668 robinbhandari FTP remote DoS vulnerability Vulnerable: - https://github.com/rovinbhandari/FTP Description: robinbhandari is an open source tiny FTP server/client on github.com. It has a remote DoS vulnerability in the 'put' command. Timeline: 2019-03-11 CVE-2019-9668 robinbhanda...
Core FTP 2.0 Build 653 PBSZ Denial Of Service Exploit
Exploit Title: Core FTP 2.0 build 653 - 'PBSZ' - Unauthenticated - Denial of Service PoC Exploit Author: Hodorsec Vendor Homepage: http://www.coreftp.com/ Software Link: http://coreftp.com/server/download/archive/CoreFTPServer653.exe Version: Version 2.0, build...
NREL BEopt 2.8.0 Insecure Library Loading Arbitrary Code Execution Exploit
BEopt suffers from a DLL Hijacking issue. The vulnerability is caused due to the application loading libraries sdl2.dll and libegl.dll in an insecure manner. This can be exploited to load arbitrary libraries by tricking a user into opening a related application file .BEopt located on a remote...
elFinder PHP Connector < 2.1.48 - exiftran Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in elFinder versions prior to 2.1.48. The PHP connector component allows unauthenticated users to upload files and perform file modification operations, such as resizing and rotation of an image. The file name of uploaded files is...
CoreFTP Server FTP / SFTP Server v2 Build 674 MDTM Directory Traversal Vulnerability
CoreFTP Server FTP and SFTP Server version 2 build 674 suffer from a directory traversal vulnerability. By utilizing a directory traversal along with the FTP MDTM command, an attacker can browse outside the root directory to determine if a file exists based on return file size along with the date...
Core FTP Server FTP / SFTP Server v2 Build 674 - SIZE Directory Traversal Exploit Vulnerability
Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Google Dork: N/A Date: 3/13/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link: http://www.coreftp.com/server/index.html Version: Firmware: CoreFTP Server FTP / SFTP Serv...
PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Exploit Author: Gionathan "John" Reale Vendor Homepage: https://github.com/piluscart Software Link:...
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak Exploit
Exploit Title: Linux Kernel 4.4 Ubuntu 16.04 - Leak kernel pointer in snd_timer_user_ccallback Google Dork: - Date: 2019-03-11 Exploit Author: wally0813 Vendor Homepage: - Software Link: -...
OpenKM 6.3.2 < 6.3.7 - Remote Command Execution Exploit #RCE
Exploit for jsp platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode) Exploit
Exploit for windows platform in category local exploits Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows XP S...
Liferay CE Portal < 7.1.2 ga3 - Remote Command Execution Exploit #RCE
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE Portal...
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution Exploit #RCE
Exploit for php platform in category web applications !/usr/bin/env python Exploit Title: FlexPaper PHP Publish Service = 2.3.6 RCE Date: March 2019 Exploit Author: Red Timmy Security - redtimmysec.wordpress.com Vendor Homepage: https://flowpaper.com/download/ Version: = 2.3.6 Tested on: Linux/Un...
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution Exploit
Exploit for windows platform in category web applications !/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m...
Sony PlayStation 4 (PS4) < 6.20 - WebKit Code Execution Exploit
Exploit for hardware platform in category local exploits...
Linux/x86 - INSERTION Encoder / Decoder execve(/bin/sh) Shellcode (88 bytes)
/ ''' ; Date: 07/03/2019 ; Insertion-Encoder.asm ; Author: Daniele Votta ; Description: This program encode shellcode with insertion technique 0xAA. ; Tested on: i686 GNU/Linux ''' !/usr/bin/python Python Insertion Encoder import random Execve /bin/sh 25 bytes shellcode...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link: https://www.directadmin.com:2222/CMDACCOUNTADM...
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery / Cross-Site Scripting
Exploit for multiple platform in category web applications Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link: https://orientdb.org/download Version: 3.0.17 ...
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass Vulnerability
Exploit for windows platform in category web applications Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link: https://www.mcafee.com/enterprise/en-us/products/epolicy-orchestrator.html Version:...
OpenSSH SCP Client - Write Arbitrary Files Exploit
''' OpenSSH SCP Client - Write Arbitrary Files Exploit Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS, OpenSSH...
TeamCity < 9.0.2 - Disabled Registration Bypass Exploit
TeamCity 9.0.2 - Disabled Registration Bypass Exploit var login = 'testuser'; // user login var password = 'SuperMEgaPa$$'; // password var email = 'email protected'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass = BS.Encrypt.encryptDatapassword,...
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass) Exploit
Oracle Weblogic Server - Deserialization Remote Command Execution Patch Bypass Exploit // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath =...
phpBB 3.2.3 - Remote Code Execution Exploit
Exploit for php platform in category web applications phpBB 3.2.3 - Remote Code Execution Exploit // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath =...
WordPress Core 5.0 - Remote Code Execution Exploit
Exploit for php platform in category web applications WordPress Core 5.0 - Remote Code Execution Exploit var wpnonce = ''; var ajaxnonce = ''; var wpattachedfile = ''; var imgurl = ''; var postajaxdata = ''; var postid = 0; var cmd = '?php phpinfo;/'; var cmdlen = cmd.length var payload =...
Android su Privilege Escalation Exploit
This Metasploit module uses the su binary present on rooted devices to run a payload as root. A rooted Android device will contain a su binary often linked with an application that allows the user to run commands as root. This module will use the su binary to execute a command stager as root. The...
QNAP TS-431 QTS < 4.2.2 - Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'QNAP TS-431 QTS %q This module creates a virtual web server and uploads the php payload into it. Admin privileges cannot access a...
Kados R10 GreenBee - Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/ Softwar...
Anyburn 4.3 x86 - Copy disc to image file Buffer Overflow - (UNICODE) (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Anyburn 4.3 - 'Copy disc to image file' Buffer Overflow - UNICODESEH Version: 4.3 Author: Hodorsec Vendor Homepage: http://www.anyburn.com/ Software Link:...
ClearOS 7 Community Edition Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ClearOS 7 Community Edition | Cross-Site Scripting Exploit Author: Ozer Goker Vendor Homepage: https://www.clearos.com Software Link: http://mirror.clearos.com/clearos/7/iso/x86_64/ClearOS-DVD-x86_64.iso Version: 7 Introduction...
FreeBSD - Intel SYSRET Privilege Escalation Exploit
Exploit for freebsd platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeBSD Intel SYSRET Privilege Escalation', 'Description' = %q This module exploits a...
Sagemcom F@st 5260 Router Insufficient Default PSK Entropy Vulnerability
Sagemcom F@st 5260 routers on firmware version 0.4.39 and possibly others, in WPA mode, default to using a PSK that is generated from a 2-part wordlist of known values and a nonce with insufficient entropy. The number of possible PSKs is about 1.78 billion, which is too small. 0day.tod...
Java Debug Wire Protocol Remote Code Execution Exploit
Java Debug Wire Protocol JDWP remote code execution exploit. !/usr/bin/python Universal JDWP shellifier @hugsy And special cheers to @lanjelot import socket import time import sys import struct import urllib import argparse JDWP protocol variables HANDSHAKE = "JDWP-Handshake" REQUESTPACKETTYPE =...
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass Exploit
Android - getpidcon Usage in Hardware binder ServiceManager Permits ACL Bypass Exploit We already reported four bugs in Android that are caused by the use of getpidcon, which is fundamentally unsafe: https://bugs.chromium.org/p/project-zero/issues/detail?id=727 AndroidID-27111481; unexploitable...
Imperva SecureSphere 13.x PWS Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Imperva SecureSphere version 13.x. The vulnerability exists in the PWS service, where Python CGIs did not properly sanitize user-supplied command parameters and passed them directly to the corresponding CLI utility, leading to comma...
Drupal RESTful Web Services unserialize() Remote Code Execution Exploit
This Metasploit module exploits a PHP unserialize vulnerability in Drupal RESTful Web Services by sending a crafted request to the /node REST endpoint. As per SA-CORE-2019-003, the initial remediation was to disable POST, PATCH, and PUT, but Ambionics discovered that GET was also vulnerable albei...
Linux < 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to /proc/*/mem Exploit
Linux mem_rw() -> access_remote_vm() -> __access_remote_vm() -> get_user_pages_remote() -> __get_user_pages_locked() -> __get_user_pages() -> find_extend_vma() Then, if the VMA in question has the VM_GROWSDOWN flag set: expand_stack() -> expand_downwards() -> security_mmap_addr() -> cap_mmap_addr() This, if the address is below dac_mmap_min_addr, does a...
Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit
Android - binder Use-After-Free via racy Initialization of ->allow_user_free Exploit The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. Th...
OpenDocMan 1.3.4 - (search.php where) SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection Exploit Author: Mehmet EMIROGLU Vendor Homepage:...