39001 matches found
Snapchat takeover any account 0day Exploit
Exploit can reset any Snapchat account...
Splunk Enterprise 7.2.4 - Custom App RCE (Persistent Backdoor - Custom Binary Payload) Exploit
Exploit for windows platform in category web applications !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications...
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: Remote code execution in Raisecom xpon Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: https://www.raisecom.com Software Link: https://www.raisecom.com/products/xpon Version:...
MarcomCentral FusionPro VDP Creator < 10.0 - Directory Traversal Exploit
Exploit for windows platform in category web applications !/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By defaul...
Apache UNO API Remote Code Execution Vulnerability
When Apache OpenOffice and LibreOffice are spawned as an office server, they bind an Apache UNO API that allows for remote code execution. Dear reader, I am not sure if I am contacting through the right email address but someone said I should e-mail you guys. I found an RCE functionality in the...
WordPress Cerber Security Antispam & Malware Scan 8.0 Plugin - Multiple Bypass Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Active installs: 100,000+ Version: 8.0 Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son...
Craft CMS 3.1.12 Pro - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro Vulernabilit...
Booked Scheduler 2.7.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Booked Scheduler v2.7.5 - Remote Command Execution', 'Description' = %q This module exploits...
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
/ Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 / / author @0x4142 = Fahad Aid Alharbi cve-2019-0539 Getting Read ...
Bolt CMS 3.6.4 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulnerability Type : Cross-si...
elFinder 2.1.47 - Command Injection vulnerability in the PHP connector Exploit
Exploit for php platform in category web applications !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data =...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link:...
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image Exploit
XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might be...
Cisco WebEx Meetings < 33.6.6 / < 33.9.1 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisory ID: CORE-2018-0012 Advisory URL:...
FileZilla 3.40.0 Denial Of Service Exploit
Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service PoC Discovery by: Mr Winst0n Vendor Homepage: https://filezilla-project.org Software Link : https://filezilla-project.org/download.php?type=client&showall=1 Tested Version: 3.40.0 Tested on: Kali linux x86_64 Vulnerability Type:...
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Exploit
tcpdump < 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Exploit Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump sourc...
Google Chrome < M72 - FileWriterImpl Use-After-Free Exploit
Google Chrome GetBlobDataFromBlobPtr std::moveblob, base::BindOnce&FileWriterImpl::DoWrite, base::Unretainedthis, std::movecallback, position; Note that the last argument to GetBlobDataFromBlobPtr is a callback object bound to base::Unretainedthis. And the implementation of GetBlobDataFromBlobPtr...
Google Chrome < M72 - PaymentRequest Service Use-After-Free Exploit
Google Chrome < M72 - PaymentRequest Service Use-After-Free Exploit There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::unique_ptr to a PaymentRequestSpec, which is initialised during the ca...
CMSsite 1.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link :...
OOP CMS BLOG 1.0 Cross Site Request Forgery / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: http://zsoft.com.bd/ Software Link :...
Linux < 4.14.103 / < 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module Exploit
Linux 1 return -ENOTSUPP; return 1; int snmphelpervoid context, sizet hdrlen, unsigned char tag, const void data, sizet datalen struct snmpctx ctx = struct snmpctx context; be32 pdata = be32 data; if pdata == ctx-from prdebug"%s: %pI4 to %pI4\n", func, void &ctx-from, void &ctx-to; if ctx-check...
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost
Google Chrome < M72 - Use-After-Free in RenderProcessHostImpl Binding for P2PSocketDispatcherHost There's an object-lifetime issue in the browser process in the handling of P2PSocketDispatcherHost binding in parallel with OnBloatedRenderer event handling. In RenderProcessHostImpl, we have a uniquep...
Usermin 1.750 - Remote Command Execution Exploit
Exploit for linux platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' ...
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service Exploit
Exploit Title: Buffer overflow Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375 References: https://nvd.nist.gov/vuln/detail/CVE-2019-8375...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...
TransMac 12.3 - Denial of Service Exploit
-- coding: utf-8 -- Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service PoC Author: Alejandra Sánchez Vendor Homepage: https://www.acutesystems.com/ Software Link: https://www.acutesystems.com/tmac/tmsetup.exe Version: 12.3 Tested on: Windows 10 Proof of Concept: 1.- Run the python...
Feng Office 3.7.0.5 - Remote Command Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command...
Simple Online Hotel Reservation System - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...
FTP Server 1.32 - Denial of Service Exploit
!/usr/bin/env python coding: utf-8 Author: Marcelo Vázquez aka s4vitar FTP Server 1.32 Remote Denial of Service DoS Exploit Title: FTP Server 1.32 Remote Denial of Service DoS Date: 2019-02-26 Exploit Author: Marcelo Vázquez aka s4vitar Vendor: The Olive Tree Software Link:...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Vendor Homepage: https://code-projects.org/ Software Link :...
Joomla J2Store < 3.3.7 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: J2Store Plugin for Joomla! 3.3.6 - SQL Injection Author: Andrei Conache Twitter: @andreiconache Contact: andrei.conacheatprotonmail.com Software Link: https://www.j2store.org Version: 3.x-3.3.6 Tested on: Linux CVE: CVE-2019-918...
Linux SNMP NAT Module Out-Of-Bounds Read/Write Exploit
Linux: out-of-bounds read and write in SNMP NAT module. Commit cc2d58634e0f ("netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16) changed the nf_nat_snmp_basic module (which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages) so that the kernel's ASN.1...
RavenDB 4.1.4 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: RavenDB 4.1.4 | Multiple Vulnerabilities Exploit Author: Ozer Goker Vendor Homepage: https://ravendb.net Software Link: https://ravendb.net/download Version: 4.1.4 Introduction Hibernating Rhinos, a global provider of database...
Drupal < 8.6.9 - REST Module Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce...
Xlight FTP Server 3.9.1 - Buffer Overflow Exploit
Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Exploit Author: Logan Whitmire Vendor Homepage: https://www.xlightftpd.com/index.htm Software Link: https://www.xlightftpd.com/download/xlight.zip Version: 3.9.1 Tested on: Windows XP CVE : N/A POC:!/usr/bin/python Vulnerable Software: Xlight F...
zzzphp CMS 1.6.1 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zi...
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Lin...
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution Exploit
Exploit for java platform in category web applications !/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49,...
News Website Script 2.0.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Advance Gift Shop Pro Script 2.0.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 21, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution Vulnerability
Exploit for php platform in category web applications Drupal FALSE; instead of the standard unserialize$values'options';. As for all FieldItemBase subclasses, LinkItem references a property type. Shortcut uses this property type, for a property named link. Triggering the unserialize Having all...
Quest NetVault Backup Server < 11.4.5 - SQL Injection / Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 C...
Memu Play 6.0.7 - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7...
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack ca...
Nuuo Central Management SQL Injection Exploit
The Nuuo Central Management Server allows an authenticated user to query the state of the alarms. This functionality can be abused to inject SQL into the query. As SQL Server 2005 Express is installed by default, xp_cmdshell can be enabled and abused to achieve code execution. This module will...
Advanced Comment System 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 0day.today 2019-03-09...
EI-Tube 3 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP EI-Tube Script - Sql Injection Exploit Author: Meisam Monsef - email protected Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks :...
VertrigoServ 2.17 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications alert1 3. Solution: The product is discontinued. Update last version -- 0day.today 2019-03-09...