39001 matches found
Android DeviceVersionFragment.java Privilege Escalation Exploit
Proof of concept exploit for a privilege escalation issue in Android. In checkDebuggingDisallowed of DeviceVersionFragment.java, there is a possible way to access adb before SUW completion due to an insecure default value. This could lead to local escalation of privilege with no additional...
PSOProxy 0.5 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: PSOProxy 0.5 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 10 january 2024 Vendor Homepage: https://sourceforge.net/projects/psoproxy/files/psoproxy/0.5/ Download to demo:...
AdvantechWeb / SCADA 9.1.5U SQL Injection Vulnerability
AdvantechWeb/SCADA version 9.1.5U suffers from a post authentication remote SQL injection vulnerability. ;; PostAuth SQLi in AdvantechWeb/SCADA 9.1.5U ;; ;; found: 28.12.2023 ;; ;; more: ;; https://code610.blogspot.com/2024/01/postauth-sqli-in-advantechwebscada-915u.html ;; POST...
Intrasrv Simple Web Server 1.0 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket; Exploit Title: Intrasrv Simple Web Server 1.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 09 january 2024 Vendor Homepage: http://www.leighb.com/intrasrv.htm Download to demo: http://www.leighb.com/intrasrv.zip Download 2 to demo:...
cpio 2.13 Privilege Escalation Vulnerability
cpio version 2.13 suffers from a privilege escalation vulnerability via setuid files in a cpio archive. cpio privilege escalation vulnerability via setuid files in cpio archive Happy New Year, let in 2024 happiness be with you! : When extracting archives cpio at least version 2.13 preserves the...
liveSite 2019.1 Remote Code Execution Vulnerability
Exploit Title: liveSite Version : 2019.1 Remote Code Execution Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://livesite.com/ Version : 2019.1 Tested on: https://www.softaculous.com/apps/cms/liveSite 1 Login with admin cred Click Staff Home Edit Designer Region Name:megamenu ,...
Microsoft SQL Server db_ddladmin Privilege Escalation Vulnerability
Microsoft SQL Server versions 2014 through 2022 suffers from a dbddladmin privilege escalation vulnerability. When escalated to Microsoft as a concern, they instead opted to update their documentation to note that this is possible instead of addressing the issue. Title: SQL Server Privilege...
File Sharing Wizard 1.5.0 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: File Sharing Wizard 1.5.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 07 january 2024 Vendor Homepage: N/A Download to demo: https://drive.google.com/file/d/13fs9IHSaGQ27YIQNDyrQV20jCT7owPQ6/view?usp=sharing Notificati...
httpdx 1.5.4 Denial Of Service Exploit
!/usr/bin/perl use IO::Socket::INET; Exploit Title: httpdx 1.5.4 - Denied of Service DoS Discovery by: Fernando Mengali Discovery Date: 06 january 2024 Vendor Homepage: http://httpdx.sourceforge.net Download to demo: https://sourceforge.net/projects/httpdx/files/httpdx/httpdx%201.5.4/ Download 2 ...
Femitter FTP Server 1.03 Denial Of Service Exploit
!/usr/bin/perl use Net::FTP; Exploit Title: Femitter FTP Server 1.03 - Denial of Service DoS Discovery by: Fernando Mengali Vendor Homepage: https://acritum.com/ Download to demo: https://drive.google.com/file/d/1GBFmc7tMavA9mMoZPYVlUVUe62dGjBhF/view?usp=sharing Notification vendor: No reported...
Form Tools 3.1.1 Cross Site Scripting Vulnerability
Exploit Title: Form Tools Version: 3.1.1 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://formtools.org/ Version: 3.1.1 Tested on: https://www.softaculous.com/demos/FormTools 1 Write after formid your payload :...
Themebleed Windows 11 Themes Arbitrary Code Execution Exploit
When an unpatched Windows 11 host loads a theme file referencing an msstyles file, Windows loads the msstyles file, and if that file's PACKMEVERSION is 999, it then attempts to load an accompanying dll file ending in vrf.dll. Before loading that file, it verifies that the file is signed. It does...
iGalerie 3.0.22 Cross Site Scripting Vulnerability
Exploit Title: iGalerie Version: 3.0.22 - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://www.igalerie.org/ Version: 3.0.22 Tested on: https://softaculous.com/demos/iGalerie 1 Go to home page and click edit https://127.0.0.1/iGalerie/ Titre : "sVg/onLy=1 onLoaD=confirm1// 2 Write i...
Linux io_uring __io_uaddr_map() Dangerous Multi-Page Handling Exploit
iouring: iouaddrmap handles multi-page region dangerously iouaddrmap wants to import a region from userspace, and then address the imported region through the linear mapping area. This requires that the imported region is physically contiguous. A comment in iouaddrmap explains that the imported...
Gom Player 2.3.92.5362 DLL Hijacking Vulnerability
Exploit Title: Gom Player 2.3.92.5362 - nvcuda.dll DLL Hijacking Exploit Author: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.mrvar0x.com/ Version: 2.3.92.5362 Tested on: Windows 7, Windows 10 A DLL hijacking vulnerability has been discovered Gom Player 2.3.92.5362. When a user loads the...
FreeSWITCH Denial Of Service Exploit
FreeSWITCH versions prior to 1.10.11 remote denial of service exploit that leverages a race condition in the hello handshake phase of the DTLS protocol. include include include include define IP "127.0.0.1" define PORT 5061 int main SSLlibraryinit; SSLloaderrorstrings; OpenSSLaddsslalgorithms;...
PluXml Blog 5.8.9 Remote Code Execution Vulnerability
Exploit Title: PluXml Blog Version : 5.8.9 - Remote Code Execution Authenticated Exploit Author: tmrswrr Category: Webapps Vendor Homepage: https://pluxml.org/ Version : 5.8.9 Tested on: https://www.softaculous.com/apps/cms/PluXml 1 After login Click Static pages Edit Write in content your payloa...
Gom Player 2.3.92.5362 Buffer Overflow Exploit
Exploit Title: Gom Player 2.3.92.5362 - Buffer Overflow PoC Discovered by: Yehia Elghaly Mrvar0x Vendor Homepage: https://www.gomlab.com/en Tested Version: 2.3.92.5362 Tested on: Windows 7, Windows 10 - Open GOM Player - Click on the settings - From the menu, select Audio -- Equalizer - Click on...
Linux 6.4 io_uring Use-After-Free Exploit
Linux =6.4: iouring: page UAF via buffer ring mmap Since commit c56e022c0a27 "iouring: add support for user mapped provided buffer ring", landed in Linux 6.4, iouring makes it possible to allocate, mmap, and deallocate "buffer rings". A "buffer ring" can be allocated with iouringregister...,...
Easy File Sharing FTP Server 2.0 Denial Of Service Exploit
!/usr/bin/perl use Net::FTP; Exploit Title: Easy File Sharing FTP Server 2.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 04 january 2024 Download to demo: https://drive.google.com/drive/folders/1XISgBk4Zql8NzkWsrzAPOUEqbjJP4hZQ?usp=sharing Notification vendor: No report...
minaliC 2.0.0 Denial Of Service Exploit
!/usr/bin/perl use Socket; Exploit Title: minaliC 2.0.0 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 03 january 2024 Vendor Homepage: http://minalic.sourceforge.net/ Download to demo: https://drive.google.com/file/d/1WoDbps6up2s5Xa40YXDSABRU9J17yRQd/view?usp=sharing...
WebCalendar 1.3.0 Cross Site Scripting Vulnerability
Exploit Title: WebCalendar Version: 1.3.0 - Stored XSS - Reflected XSS Exploit Author: tmrswrr Vendor Homepage: http://www.k5n.us/webcalendar.php Version: 1.3.0 Tested on: https://www.softaculous.com/apps/calendars/WebCalendar Stored XSS 1 Write Events Add New Events Brief Description :...
CMSMS 2.2.19 Arbitrary File Upload Vulnerability
The parameter "fileupload" in type ID is vulnerable to File Upload and RCE attacks, it is not sanitized correctly. The attacker can upload a virus directly on the server by using this web vulnerability, and then he can execute it, this can be the end of this server depending on the scenario! In...
FTPDMIN 0.96 Denial Of Service Exploit
!/usr/bin/perl use Net::FTP; Exploit Title: FTPDMIN 0.96 - Denial of Service DoS Discovery by: Fernando Mengali Discovery Date: 2024-01-01 Vendor Homepage: https://www.sentex.ca/mwandel/ftpdmin/ Download to demo: https://drive.google.com/file/d/1CpfvaJbJVxR3HPWvcxIVipTaTj7RAaLd/view?usp=sharing...
Ultra Mini HTTPd 1.21 Denial Of Service Exploit
Exploit Title: Ultra Mini HTTPd 1.21 - Denial of Service DoS Discovery by: Fernando Mengali Vendor Homepage: https://acme.com/ Software Link: https://acme.com/ Notification vendor: Yes reported Tested Version: Ultra Mini HTTPd 1.21 Tested on: Window XP Professional - Service Pack 2 and 3 - Englis...
Apache 2.4.55 mod_proxy HTTP Request Smuggling Exploit
Some modproxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when modproxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the...
ShopSite 14.0 Cross Site Scripting Vulnerability
Exploit Title: ShopSite Version: 14.0 - Stored XSS Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://www.shopsite.com/ Version: 14.0 Tested on: https://www.shopsite.com/demo.html 1 Upload poc.svg file here : https://demo.shopsite.com/cgi-bin/ssdemos/stores/alsdemo/ss/mediam.cgi...
Apache OFBiz 18.12.09 Remote Code Execution Exploit
Apache OFBiz version 18.12.09 suffers from a pre-authentication remote code execution vulnerability. From: Jacques Le Roux Date: Mon, 04 Dec 2023 21:04:50 +0000 Severity: moderate Affected versions: - Apache OFBiz before 18.12.10 Description: Pre-auth RCE in Apache Ofbiz 18.12.09. It's due to...
Lot Reservation Management System 1.0 Shell Upload Vulnerability
Exploit Title: Lot Reservation Management System Unauthenticated File Upload and Remote Code Execution Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Softwar...
WhatACart 2.0.7 Cross Site Scripting Vulnerability
Exploit Title: WhatACart Version: 2.0.7 - Reflected XSS Date: 2023-12-27 Exploit Author: tmrswrr Category : Webapps Vendor Homepage: https://whatacart.com Version: 2.0.7 Tested on: https://whatacart.com/demo 1 Go to this page : https://demo.whatacart.com/ 2 Write search field this payload :...
FreeSWITCH 1.10.10 Denial Of Service Vulnerability
When handling DTLS-SRTP for media setup, FreeSWITCH version 1.10.10 is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. This attack can be done continuously, thus denying new DTLS-SRTP encrypted calls during the attack. FreeSWITCH...
Lot Reservation Management System 1.0 File Disclosure Vulnerability
Exploit Title: Lot Reservation Management System Unauthenticated File Disclosure Vulnerability Date: 10th December 2023 Exploit Author: Elijah Mandila Syoyi Vendor Homepage: https://www.sourcecodester.com/php/14530/lot-reservation-management-system-using-phpmysqli-source-code.html Software Link:...
Microsoft Windows PowerShell Code Execution / Event Log Bypass Vulnerabilities
Prior work from this researcher disclosed how PowerShell executes unintended files or BASE64 code when processing specially crafted filenames. This research builds on their PSTrojanFile work, adding a PS command line single quote bypass and PS event logging failure. On Windows CL tab, completing ...
Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities
Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Mutiple vulnerabilties were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread...
GilaCMS 1.15.4 SQL Injection Vulnerability
Description: GilaCMS widget and use wiget area filter to perform search Sample payload: http://targeturl/cm/listrows/widget?page=1&area=dashboard'%20UNION%20ALL%20SELECT%20NULL,NULL,NULL,NULL,@@version,NULL--%20 Attack Vector 2: After login into admin portal, go to edit...
Craft CMS 4.4.14 Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated remote code execution vulnerability in Craft CMS versions 4.0.0-RC1 through 4.4.14. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Craft CMS...
Glibc Tunables Privilege Escalation Exploit
A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows an local attacker to use maliciously crafted GLIBCTUNABLES when launching binaries with SUID permission to execute co...
Vinchin Backup And Recovery Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Vinchin Backup & Recovery v5.0., v6.0., v6.7., and v7.0.. Due to insufficient input validation in the checkIpExists API endpoint, an attacker can execute arbitrary commands as the web server user. This module requires Metasploit...
MajorDoMo Remote Code Execution Vulnerability
Introduction MajorDoMo, a beacon in Russian home automation and particularly favored by Raspberry Pi aficionados, has been a trusted name for over a decade. With over 380 stars on its official GitHub repository at the time of writing https://github.com/sergejey/majordomo, its popularity is eviden...
TYPO3 11.5.24 Path Traversal Vulnerability
Exploit Title: TYPO3 11.5.24 Path Traversal Vulnerability Authenticated Exploit Author: Saeed reza Zamanian Software Link: https://get.typo3.org/release-notes/11.5.24 Version: 11.5.24 Tested on: Kali 2022.3 CVE : CVE-2023-30451 In TYPO3 11.5.24, the filelist component allows attackers with access...
Atlassian Confluence Improper Authorization / Code Execution Exploit
This improper authorization vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account. Using this account, an attacker can then perform all administrative actions that are available to the Confluence instance administrator. This...
PKP-WAL 3.4.0-3 Remote Code Execution Exploit
PKP Web Application Library PKP-WAL versions 3.4.0-3 and below, as used in Open Journal Systems OJS, Open Monograph Press OMP, and Open Preprint Systems OPS before versions 3.4.0-4 or 3.3.0-16, suffer from a NativeImportExportPlugin related remote code execution vulnerability...
WordPress Backup Migration 1.3.7 Remote Code Execution Vulnerability
Vulnerability Summary from Wordfence Intelligence Description: Backup Migration = 1.3.7 backup-backup Unauthenticated Remote Code Execution Affected Plugin: Backup Migration Plugin Slug: backup-backup Affected Versions: = 1.3.7 CVE ID:CVE-2023-6553 Pending CVSS Score: 9.8 Critical CVSS Vector:...
Splunk XSLT Upload Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability in Splunk Enterprise. The affected versions include 9.0.x before 9.0.7 and 9.1.x before 9.1.2. The exploitation process leverages a weakness in the XSLT transformation functionality of Splunk. Successful exploitation requires...
WordPress Bravo Translate 1.2 SQL Injection Vulnerability
Exploit Title: WP Plugins Bravo Translate = 1.2 - SQL Injection Exploit Author: Arvandy Software Link: https://wordpress.org/plugins/bravo-translate/ Version: 1.2 Tested on: Windows, Linux CVE: CVE-2023-49161 Product Description This plugin allow you to translate your monolingual website in a sup...
WordPress TextMe SMS 1.9.0 Cross Site Request Forgery Vulnerability
Exploit Title: WP Plugins TextMe SMS history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.9.1...
WordPress Contact Form To Any API 1.1.6 Cross Site Request Forgery Vulnerability
Exploit Title: WP Plugins Contact Form to Any API history.pushState'', '', '/'; document.forms0.submit; Recommendation Upgrade to version 1.1.7...
Microsoft Defender Anti-Malware PowerShell API Arbitrary Code Execution Vulnerability
Microsoft Defender API and PowerShell APIs suffer from an arbitrary code execution due to a flaw in powershell not handling user provided input that contains a semicolon. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
ISPConfig 3.2.11 PHP Code Injection Exploit
------------------------------------------------------------------------ ISPConfig = 3.2.11 languageedit.php PHP Code Injection Vulnerability ------------------------------------------------------------------------ - Software Link: https://www.ispconfig.org - Affected Versions: Version 3.2.11 and...
VMware Cloud Director - Bypass identity verification Exploit
CVE-2023-34060 vulnerability is a vulnerability that allows an attacker to bypass identity verification when entering port 22 ssh or port 5480 Device Management Console in VMware Cloud Director Appliance123. This vulnerability does not exist on port 443 VCD provider and tenant sign-in...