Craft CMS 3.0.25 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
PLC Wireless Router GPN2.4P21-C-CN Cross Site Scripting Vulnerability
Exploit for cgi platform in category web applications Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Exploit Author: Kumar Saurav Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-CN Firmware: W2001EN-00 Tested on: Multiple CVE : CVE-2018-20326 Description: PLC Wireles...
WordPress Baggage Freight Shipping Australia 0.1.0 Plugin - Arbitrary File Upload
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Software Link: https://wordpress.org/plugins/baggage-freight/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.1.0 Category: webapps...
MAGIX Music Editor 3.1 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: MAGIX Music Editor 3.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: MAGIX Music Editor 3.1 Vendor Homepage: https://www.magix.com/us/ Version: 3.1 Software Link:...
WordPress Audio Record 1.0 Plugin - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Audio Record 1.0 - Arbitrary File Upload Software Link: https://wordpress.org/plugins/audio-record/ Exploit Author: Kaimi Website: https://kaimi.io Version: 1.0 Category: webapps Unrestricted file upload in reco...
bludit Pages Editor 3.0.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: bludit Pages Editor 3.0.0 - Arbitrary File Upload Exploit Author: BouSalman Vendor Homepage: https://www.bludit.com/ Software Link: N/A Version: 3.0.0 Tested on: Ubuntu 18.04 CVE : 2018-1000811 POST /admin/ajax/upload-files...
ShareAlarmPro 2.1.4 - Denial of Service Exploit
Exploit Title: ShareAlarmPro 2.1.4 - Denial of Service PoC Exploit Author: T3jv1l Vendor Homepage: http://www.nsauditor.com Software: http://sharealarm.nsauditor.com/downloads/sharealarmprosetup.exe Contact: https://twitter.com/T3jv1l Version: ShareAlarmPro 2.1.4 Tested on: Windows 7 SP1 x86 PoC: ...
Terminal Services Manager 3.1 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Terminal Services Manager 3.1 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: Terminal Services Manager 3.1 Vendor Homepage: https://lizardsystems.com Version: 3.1 Software Link:...
NetShareWatcher 1.5.8 - Denial of Service Exploit
Exploit Title: NetShareWatcher 1.5.8 - Denial of Service PoC Exploit Author: T3jv1l Vendor Homepage: http://www.nsauditor.com Software: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Contact: https://twitter.com/T3jv1l Version: NetShareWatcher 1.5.8 Tested on: Windows 7...
Product Key Explorer 4.0.9 - Denial of Service Exploit
Exploit Title: Product Key Explorer 4.0.9 - Denial of Service PoC Exploit Author: T3jv1l Vendor Homepage: http://www.nsauditor.com Software: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Contact: https://twitter.com/T3jv1l Version: Product Key Explorer 4.0.9 Tested on: Windows 7...
Linux/x64 - Disable ASLR Security Shellcode (93 Bytes)
ASLR Address Space Layout Randomization Disable Shellcode Language C & ASM - Linux/x86_64 Author : Kağan Çapar contact: [email protected] shellcode len : 93 bytes compilation: gcc -fno-stack-protector -z execstack .c -o Test: run shellcode ./aslr etc. check : cat /proc/sys/kernel/randomize_va_space...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Copy/Read Exploit
Exploit for windows platform in category local exploits The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while...
Linux/x86 - Kill All Processes Shellcode (14 bytes)
Exploit Title: Linux/x86 - Kill All Processes Shellcode 14 bytes Exploit Author: strider Vendor Homepage: None Software Link: None Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : None Shellcode Length: 14 Description: Linux/x86 kill 9 -1 14 bytes...
WSTMart 2.0.8 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WSTMart 2.0.8 - Cross-Site Scripting Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-20367 0x01 stored XSS PoC Functi...
FrontAccounting 2.4.5 - SubmitUser SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: FrontAccounting 2.4.5 - 'SubmitUser' SQL Injection Exploit Author: Sainadh Jamalpur Vendor Homepage: http://frontaccounting.com/ Software Link: https://sourceforge.net/projects/frontaccounting/ Version: 2.4.5 Tested on: XAMPP...
Google Chrome 70 - SQLite Magellan Crash Exploit
This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page: Crash this page Your browser's user agent is...
Keybase keybase-redirector - ($PATH) Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executing a cust...
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution Exploit
Exploit for windows platform in category local exploits Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/46051.zip Password: infected 0day.today 2018-12-27...
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit
Exploit for php platform in category web applications !/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat =...
PhpSpreadsheet < 1.5.0 - XML External Entity (XXE) Vulnerability
Exploit for php platform in category web applications Product Description PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc. Vulnerabilities List One...
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-19138 0x02 CSRF Po...
Kubernetes - (Authenticated) Arbitrary Requests Exploit
!/usr/bin/env python3 import argparse from ssl import wrapsocket from socket import createconnection from secrets import base64, tokenbytes def requeststage1namespace, pod, method, target, token: stage1 = "" with open'stage1', 'r' as stage1fd: stage1 = stage1fd.read return stage1.formatnamespace,...
Kubernetes - (Unauthenticated) Arbitrary Requests Exploit
!/usr/bin/env python3 import argparse from ssl import wrapsocket from json import loads, dumps from socket import createconnection def requeststage1base, version, target: stage1 = "" with open'ustage1', 'r' as stage1fd: stage1 = stage1fd.read return stage1.formatbase, version, target .encode'utf-...
ASUS Aura Sync versions 1.07.22 Driver Privilege Escalation Exploit
Multiple vulnerabilities were found in the GLCKIo and Asusgio drivers installed by ASUS Aura Sync, which could allow a local attacker to elevate privileges. ASUS Aura Sync versions 1.07.22 and below are affected. ASUS Drivers Elevation of Privilege Vulnerabilities 1. Advisory Information Title:...
Juniper Secure Access SSL VPN Privilege Escalation Vulnerability
Certain Secure Access SA Series SSL VPN products originally developed by Juniper Networks but now sold and supported by Pulse Secure, LLC allow privilege escalation, as demonstrated by Secure Access SSL VPN SA-4000 5.1R5 build 9627 4.2 Release build 7631. This occurs because appropriate controls...
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit
Exploit Title: Microsoft Edge edgehtml.dll!Tree::ANode::DocumentLayout. Denial of Service PoC Exploit Author: Bogdan Kurinnoy [email protected] Vendor Homepage: https://www.microsoft.com/ Version: Microsoft Edge 42.17134.1.0 Microsoft EdgeHTML 17.17134 Tested on: Windows 10 x64 CVE : N/A Descriptio...
VBScript - MSXML Execution Policy Bypass Exploit
According to https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11/, starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the...
SQLScan 1.0 - Denial of Service Exploit
Exploit Title: McAfee Foundstone SQLScan - Denial of Service PoC and EIP record overwrite Discovery by: Rafael Pedrero Vendor Homepage: http://www.mcafee.com/us/downloads/free-tools/sqlscan.aspx Software Link : http://www.mcafee.com/us/downloads/free-tools/sqlscan.aspx Tested Version: 1.0.0.0...
AnyBurn 4.3 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python Exploit Title: AnyBurn 4.3 - Local Buffer Overflow SEH Unicode Exploit Author: Matteo Malvica Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Tested Version: 4.3 32-bit...
Netatalk < 3.1.12 - Authentication Bypass Exploit
Exploit Title: Netatalk Authentication Bypass Exploit Author: Jacob Baines Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 Tested on: Seagate NAS OS x86_64 CVE : CVE-2018-1160 Advisory:...
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts) Vulnerability
Exploit for php platform in category web applications Exploit Title: ZeusCart4.0 Deactivate Customer Accounts CSRF Exploit Author: mqt Vendor Homepage: http://http://www.zeuscart.com/ Version: Zeus Cart 4.0 CSRF 1. Vulnerability Description Due to the form not being validated, ZeusCart4.0 suffers...
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python -- coding: utf-8 -- Exploit Title: XMPlay 3.8.3 - '.m3u' Code Execution PoC Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version:...
VBScript - VbsErase Reference Leak Use-After-Free Exploit
There is a reference leak in Microsoft VBScript that can be turned into a use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. Details: VbsErase function is used to reset and free the content...
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Date: 12-20-18 Vulnerable Software: Base64 Decoder 1.1.2 Vendor Homepage: http://4mhz.de/b64dec.html Version: 1.1.2...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File Read Exploit
Exploit for windows platform in category local exploits The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while...
Erlang Port Mapper Daemon Cookie Remote Code Execution Exploit
The Erlang port mapper daemon is used to coordinate distributed Erlang instances. Should an attacker get the authentication cookie, remote code execution is trivial. Usually, this cookie is named ".erlang.cookie" and varies on location. This module requires Metasploit:...
Yeswiki Cercopitheque - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection in Yeswiki Cercopitheque Exploit Author: Mickael BROUTY @ark1nar - FIDENS Vendor Homepage: https://yeswiki.net Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip...
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure Exploit
Exploit for linux platform in category local exploits...
IBM Operational Decision Manager 8.x - XML External Entity Injection
Exploit for multiple platform in category web applications Exploit Title: XML External Entity Injection XXE Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10744149 Version: v8.6 - v8.7 - v8.8 - v8.9 REQUIRED Tested on:...
Integria IMS 5.0.83 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Integria IMS 5.0.83 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected Version: 5.0.83 and possibly before...
Hotel Booking Script 3.4 - CSRF (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: Admin Account take over Via CSRF Exploit Author: Sainadh Jamalpur Vendor Homepage: https://www.phpjabbers.com/hotel-booking-system/ Software Link:...
Integria IMS 5.0.83 - search_string Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Integria IMS 5.0.83 - Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected Version: 5.0.83 and possibly before Patch...
Bolt CMS < 3.6.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the...
LanSpy 2.0.1.159 - Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan...
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Rukovoditel Project Management/CRM 2.3.1 - Authenticated...
PDF Explorer 1.5.66.2 - SEH Local Exploit
Exploit for windows platform in category local exploits Exploit Title: PDF Explorer SEH Local Exploit Original Discovery: Gionathan "John" Reale DoS exploit Exploit Author: Achilles Date: 18-12-2018 Vendor Homepage: http://www.rttsoftware.com/ Software Link:...
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Exploit
Exploit for windows platform in category local exploits Exploit Title: Nsauditor Local SEH Buffer Overflow Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Exploit Author: Achilles Tested Version: 3.0.28.0 Tested on: Windows XP SP3 1.-...
SDL Web Content Manager 8.5.0 - XML External Entity Injection Vulnerability
Exploit for php platform in category web applications Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Company : Canon Security Date : 25/11/2018 Software Information Affected Software : SDL Web Content Manager Version: Build 8.5.0 Vendor: SDL Tridion Software website :...
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write Exploit
function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when sorting an array with a provided comparison function. One of its...
Excel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit
Exploit Title: Excel Password Recovery Professional Vendor Homepage: https://www.recoverlostpassword.com/ Software Link: https://www.recoverlostpassword.com/downloads/excelpasswordrecoveryprotrial.exe Exploit Author: Achilles Tested Version: 8.2.0.0 Tested on: Windows 7 64 Vulnerability Type: Deni...