39001 matches found
7 Tik 1.0.1.0 - Denial of Service Exploit
Exploit Title: 7 Tik 1.0.1.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NQL2QC8S935 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt" Copy t...
Mozilla Firefox 64 Information Disclosure Exploit
Mozilla Firefox versions 64 and below have an issue where an overly liberal same-origin policy for file URIs and a bug in the implementation of this policy make Firefox vulnerable to exposure of local files to a remote attacker. Product: Firefox Manufacturer: Mozilla Affected Versions: <= 64 Teste...
Watchr 1.1.0.0 - Denial of Service Exploit
Exploit Title: Watchr 1.1.0.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PN12GNX62VZ Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "watchr.txt" Co...
Eco Search 1.0.2.0 - Denial of Service Exploit
Exploit Title: Eco Search 1.0.2.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9N05DCQP5C3W Version: 1.0.2.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt"...
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: SeoToaster Ecommerce 3.0.0 - Local File Inclusion Exploit Author: Ihsan Sencan Vendor Homepage: https://www.seotoaster.com/shopping-cart/ Software Link: https://www.seotoaster.com/downloads/seotoaster.v3.0.0.zip Version: 3.0.0...
Microsoft Edge Chakra - InlineArrayPush Type Confusion Exploit
/ In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer to the object array which stores numeric properties. For...
Webmin 1.900 - Remote Command Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...
FastTube 1.0.1.0 - Denial of Service Exploit
Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt" Cop...
Microsoft Windows CONTACT - Remote Code Execution Exploit
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec...
Siemens SICAM A8000 Series Denial Of Service Exploit
Exploit for windows platform in category web applications Product: SICAM A8000 Series Vendor: Siemens CSNC ID: CSNC-2019-002 CVE ID: CVE-2018-13798 Subject: SICAM Webinterface XXE DoS Risk: Medium CVSS 3.0 Base Score: 5.3 CVSS 3.0: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C Effect...
Microsoft Edge Chakra - InitClass Type Confusion Exploit
/ Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value; function main for let i = 0; i 2000; i++ let o = a: ...
Joomla Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Exploit for php platform in category web applications Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage: https://www.joomla.org/ Affected Versions: Joomla versions 2.5.0 through 3.9.1...
Pydio / AjaXplorer < 5.0.4 - Unauthenticated Arbitrary File Upload Exploit
Exploit for php platform in category web applications Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 5.0.3 – 3.3.5 Exploit Author: @jazz Vendor Homepage: https://pydio.com/ Software Link:...
OpenSSH 7.6p1 SCP Client - Multiple Vulnerabilities (SSHtranger Things) Exploit
Exploit Title: SSHtranger Things Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111, CVE-2019-6110 ''' Title: SSHtranger Things Author: Mark E. Haase Homepage:...
Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion Exploit
NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusion in the JITed code. In the PoC, it overwrites the pointer to property...
phpTransformer 2016.9 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: phpTransformer 2016.9 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release2016.9.zip Versio...
phpTransformer 2016.9 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: phpTransformer 2016.9 - Directory Traversal Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release2016.9.zip...
Kentix MultiSensor-LAN 5.63.00 Authentication Bypass Vulnerability
Kentix MultiSensor-LAN versions 5.63.00 and below suffer from an authentication bypass vulnerability. The web based application is not using a usual session concept with a session cookie for managing authenticated user sessions. Some URLs are protected with HTTP Basic Authentication, but the user...
One Search 1.1.0.0 - Denial of Service Exploit
Exploit Title: One Search 1.1.0.0 - Denial of Service PoC Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PMR5QNS5LTL Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file "PoC.txt"...
Microsoft Edge Chakra - JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode
/ The JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it's essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise i...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross-site Scripting XSS Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3 REQUIRED Tested on: Windows 10 CV...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
function main var ar = ; forlet i = 0; i...
Spotify 1.0.96.181 - Proxy configuration Denial of Service Exploit
Exploit Title: Spotify 1.0.96.181 - "Proxy configuration" Denial of Service PoC Discovery by: Aaron V. Hernandez Vendor Homepage: https://www.spotify.com Software Link: https://www.spotify.com/mx/download/windows/ Tested Version: 1.0.96.181 Vulnerability Type: Denial of Service DoS Local Tested o...
NTPsec 1.1.2 - ntp_control Authenticated NULL Pointer Dereference Exploit
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-npe Vendor Homepage: https://ntpsec.org...
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free Exploit
Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn't correctly check the validity of a handle to a section...
blueman - set_dhcp_handler D-Bus Privilege Escalation Exploit
Exploit for linux platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'blueman setdhcphandler D-Bus Privilege Escalation', 'Description' = %q This module attempts...
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free Exploit
/ The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collection via rope strings. As a result, it can lead to UaF. PoC: ...
NTPsec 1.1.2 - config Authenticated Out-of-Bounds Write Denial of Service Exploit
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-oobwrite Vendor Homepage:...
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox...
NTPsec 1.1.2 - ntp_control Out-of-Bounds Read Exploit
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread2 Vendor Homepage: https://ntpsec.org/ Software Link:...
NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read Exploit
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage: https://ntpsec.org/ Software Link:...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I'm reporti...
ownDMS 4.7 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: ownDMS 4.7 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.owndms.com/ Software Link: https://datapacket.dl.sourceforge.net/project/owndms/owndms47.zip Version: 4.7 Category: Webapps Tested on:...
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version - 1.2.0.1000 -...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I'm...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object...
1Password < 7.0 - Denial of Service Exploit
Description The 1Password application 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application...
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I'm...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Exploit
Exploit for windows platform in category local exploits Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This i...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: The...
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary Summary: Performing an NTLM...
Cleanto 5.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Cleanto 5.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://skymoonlabs.com/ Software Link: https://codecanyon.net/item/appointment-booking-software-for-cleaning-maintenance-businesses-cleanto/18397969...
PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues Exploit
Exploit for php platform in category web applications PORTIER 4.4.4.2 / 4.4.4.6 Cryptographic Issues Exploit Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: Cryptographic Issues CWE-310 Risk Level: HIGH Solution Status: Open Manufacturer...
Hootoo HT-05 - Remote Code Execution Exploit
require 'msf/core' require 'net/http' require "uri" class MetasploitModule 'Hootoo HT-05 remote shell exploit', 'Description' = %q This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the device This exploit was written by Andrei Manol...
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Find a Place CMS Directory 1.5 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Locations CMS 1.5 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/locations-multipurpose-cms-directory-theme/21098597 Version: 1.0 Category: Webapps...
Lenovo R2105 - Cross-Site Request Forgery Exploit
Exploit for hardware platform in category web applications Exploit Title: Lenovo R2105 Remote Code Execution through CSRF Date: 01/14/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Version: 1.0 Tested on: Windows 10 x64 Note: The administrator who opens the URL should be...
Horde Imp - imap_open Remote Command Execution
Exploit for php platform in category web applications Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link:...
Hucart CMS 5.7.4 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; fields += ""; fields +=...
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link:...