SolarWinds Serv-U FTP 15.1.6.25 Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Issue: Reflected Cross-Site Scripting CVE: CVE-2018-19934 Security researcher: Chris Moberly @ The Missing Link Security Product name: Serv-U FTP Server Product version: Tested on 15.1.6.25 current as of Dec 2018 Fixed in: Serv-U 15.1.6...
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to
/ xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the message body is large, then it's sent as a MACHMSGOOLDESCRIPTOR. Also if the message contains other port resources eg memory entry ports th...
macOS < 10.14.3 / iOS < 12.1.3 XNU - vm_map_copy Optimization which Requires Atomicity isn'
/ vmmapcopyininternal in vmmap.c converts a region of a vmmap into "copied in" form, constructing a vmmapcopy structure representing the copied memory which can then be mapped into another vmmap or the same one. The function contains a while loop which walks through each of the vmmapentry...
Remote Process Explorer 1.0.0.16 - Denial of Service SEH Overwrite Exploit
Exploit Title: Remote Process Explorer v1.0.0.16 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Vendor Homepage: http://lizardsystems.com/action.php?action=home&product=rpexplorer&version=1.0.0.16 Software Link :...
SureMDM < 2018-11 Patch - Local / Remote File Inclusion Vulnerability
Exploit for windows platform in category web applications Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link:...
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issu
/ It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File Exploit
/ XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might ...
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking
/ Inspired by Ned Williamson's fuzzer I took a look at the netkey code. keygetsastat handles SADBGETSASTAT messages: It allocates a buffer based on the number of SAs there currently are: bufsize = ipsecsavcount + 1 sizeofsastatssav; KMALLOCWAITsastatssav, typeofsastatssav, bufsize; It the...
Anyburn 4.3 - Convert image to file format Denial of Service Exploit
!/usr/bin/python Exploit Title: AnyBurn x86 - Denial of Service DoS Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.anyburn.com/ Version: 4.3 32-bit Software Link : http://www.anyburn.com/anyburnsetup.exe Contact: [email protected] Twitter: @telspacesystems Gree...
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
Exploit for windows platform in category local exploits Exploit Title: PassFab Excel Password Recovery SEH Local Exploit Vendor Homepage:https://www.passfab.com/products/excel-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-excel-password-recovery.exe Exploit Autho...
ASPRunner Professional 6.0.766 - Denial of Service Exploit
Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service PoC Discovery by: Rafael Pedrero Vendor Homepage: http://www.xlinesoft.com/asprunnerpro Software Link : http://www.xlinesoft.com/asprunnerpro Tested Version: v6.0.766 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service...
UltraISO 9.7.1.3519 - Output FileName Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow SEH Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.ultraiso.com/ Version: 9.7.1.3519 Software Link:...
AMAC Address Change 5.4 - Denial of Service Exploit
Exploit Title: a-Mac Address Change v5.4 - Denial of Service PoC Discovery by: Rafael Pedrero Vendor Homepage: http://amac.paqtool.com/ Software Link : http://amac.paqtool.com/ Tested Version: 5.4 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps to...
LanHelper 1.74 - Denial of Service Exploit
Exploit Title: LanHelper v1.74 - Denial of Service PoC Discovery by: Rafael Pedrero Vendor Homepage: http://www.hainsoft.com/ Software Link : http://www.hainsoft.com/ Tested Version: 1.74 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps to Produce th...
FlexHEX 2.46 - Denial of Service SEH Overwrite Exploit
Exploit Title: FlexHEX v2.46 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Software Link : http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Tested Version: 2.46 Tested on: Windows XP S...
Advanced Host Monitor 11.90 Beta - Registration number Denial of Service Exploit
Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service PoC Discovery by: Luis Martinez Vendor Homepage: https://www.ks-soft.net Software Link : https://www.ks-soft.net/download/hm1190.exe Tested Version: 11.90 Beta Vulnerability Type: Denial of Service DoS Local...
R 3.5.0 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: R i386 3.5.0 - Local Buffer Overflow SEH Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...
Advanced File Manager 3.4.1 - Denial of Service Exploit
Exploit Title: Advanced File Manager v3.4.1 - Denial of Service PoC Discovery by: Rafael Pedrero Vendor Homepage: http://www.advexsoft.com Software Link : http://www.advexsoft.com Tested Version: 3.4.1 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps...
iOS / macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure
/ macOS 10.13.4 introduced the file bsd/net/ifportsused.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKeychar buffer, sizet...
IP-Tools 2.50 - Denial of Service SEH Overwrite Exploit
Exploit Title: IP TOOLS v2.50 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Vendor Homepage: https://www.ks-soft.net/ip-tools.eng/index.htm Software Link : https://www.ks-soft.net/ip-tools.eng/index.htm /...
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEHDEP Bypass Vulnerable Software: 10-Strike Network Inventory Explorer 8.54 Vendor Homepage:...
Rukovoditel Project Management CRM 2.4.1 - lists_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Categor...
Necrosoft DIG 0.4 - Denial of Service SEH Overwrite Exploit
Exploit Title: Necrosoft DIG v0.4 - Denial of Service PoC SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2005-01-10 Vendor Homepage: http://www.nscan.org/?index=dns Software Link : http://www.nscan.org/?index=dns Tested Version: 0.4 Tested on: Windows XP SP3 Vulnerability...
MiniUPnPd 2.1 - Out-of-Bounds Read Exploit
!/usr/bin/python3 miniupnpd 0: self.server.notify += line line = self.rfile.read1 except: pass self.wfile.writeb"HTTP/1.1 200 OK\r\n\r\n" def splash: print" miniupnpd '.formatargs.callbackip,args.callbackport,callbackuri, 'Timeout': 'Second-20' server = socketserver.TCPServerargs.callbackip,...
Mod_Security <= 3.0 Bypass XSS Payload Vulnerability
ModSecurity <= 3.0 XSS payload. This is a private exploit. You can buy it at https://0day.today...
PDF Signer 3.0 - SSTI to RCE via CSRF Cookie Vulnerability
Exploit for php platform in category web applications Exploit Title: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie Exploit Author: dd email protected Vendor Homepage: https://codecanyon.net/user/simcycreative Software Link:...
HTML Video Player 1.2.5 Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: HTML Video Player 1.2.5 - Local Buffer Overflow - Non SEH Date: 27/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.html5videoplayer.net/download.html Software:...
CMSsite 1.0 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CMSsite 1.0 - 'search' SQL injection Exploit Author : Majid kalantari email protected Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1...
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on:...
MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits Exploit Title: MySQL User-Defined Linux x32 / x8664 sysexec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on:...
Mess Management System 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Mess Management System 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m.testbd.xyz/ Software Link: https://www.sourcecodester.com/sites/default/files/download/biddut/ms0.zip Version: 1.0 Category:...
Teameyo Project Management System 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.teameyo.com/ Software Link: https://codecanyon.net/item/teameyo-project-management-system/23142804 Version: 1.0...
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Cisco Firepower Management Center Cross-Site Scripting XSS Vulnerability Exploit Author: Bhushan B. Patil Exploit DB author ID: 9551 Advisory URL:...
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Easy Video to iPod Converter - Local Buffer Overflow SEH Exploit Author: Nawaf Alkeraithe Twitter: @Alkeraithe1 Vulnerable Software: Easy Video to iPod Converter 1.6.20 Vendor Homepage: http://www.divxtodvd.net/ Version: 1.6.2...
Sricam gSOAP 2.8 - Denial of Service Exploit
!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...
ResourceSpace 8.6 - collection_edit.php SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting Vulnerability
Exploit for java platform in category web applications Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...
CMSsite 1.0 - cat_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: CMSsite 1.0 - SQL injection Exploit Author : Majid kalantari email protected Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested...
BEWARD Intercom 2.3.1 - Credentials Disclosure Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For...
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: R 3.4.4 - Local Buffer Overflow Windows XP SP3 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://cloud.r-project.org/bin/windows/ Contact: [email protected] Twitter:...
Linux/x86 exit(0) Shellcode (5 bytes)
/ Exit.asm Author: Daniele Votta Description: Exit with no nulls. Tested on: i686 GNU/Linux Shellcode Length: 5 / include include / Disassembly of section .text: 00000000 : 0: 31 c0 xor eax,eax 2: 40 inc eax 3: cd 80 int 0x80 ======================= POC Daniele Votta ======================= /...
Newsbull Haber Script 1.0.0 - search SQL Injection Vulnerability
Exploit for php platform in category web applications...
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1213 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE:...
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC Version: AirTies Modem Firmware 1.0.0.12 Tested on: Windows 10 x64 CVE : CVE-2019-6967 Author : Ali Can Gönüllü 0day.today 2019-02-06...
Smart VPN 1.1.3.0 - Denial of Service Exploit
Exploit Title: Smart VPN 1.1.3.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NH1G93D4HKR Version: 1.1.3.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt" Co...
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Exploit
Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote Contact:https://twitter.com/matteomalvica Version: CloudMe Sync 1.11.2...
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow SEHDEP Bypass Date: 01-26-19 Vulnerable Software: Faleemi Desktop Software 1.8 Vendor Homepage: https://www.faleemi.com/...
LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure
Exploit for multiple platform in category web applications Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 =...
Cisco RV300 / RV320 - Information Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Cisco RV300 / RV320 - Information Disclosure Vulnerability Exploit Author: Harom Ramos Horus Tested on: Cisco RV300/RV320 CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import...
WordPress ad manager wd v1.0.11 Plugin - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin ad manager wd v1.0.11 - Arbitrary File Download Google Dork: N/A Date: 25.01.2019 Vendor Homepage: https://web-dorado.com/products/wordpress-ad-manager-wd.html Software:...