Google Chrome 70.0.3538.77 Cross Site Scripting / Man-In-The-Middle Vulnerability
Exploit for windows platform in category local exploits Chrome: malicious WPAD server can proxy localhost leading to XSS in http://localhost:/ VERSION Chrome Version: 70.0.3538.77 stable Operating System: Windows 10 version 1803 When Chrome is installed on Windows and the user joins a malicious...
XNU POSIX Shared Memory Mapping Issue Exploit
Exploit for multiple platform in category local exploits XNU: POSIX shared memory mappings have incorrect maximum protection CVE-2018-4435 When the mmap syscall is invoked on a POSIX shared memory segment (DTYPE_PSXSHM), pshm_mmap() maps the shared memory segment's pages into the address space of the...
ZTE Home Gateway ZXHN H168N 2.2 Access Control Bypass Vulnerability
ZTE Home Gateway ZXHN H168N suffers from multiple access bypass and information disclosure vulnerabilities. POC: CVE-2018-7357 and CVE-2018-7358 Disclaimer: This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post +...
i-doit CMDB 1.11.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: i-doit CMDB 1.11.2 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.i-doit.org/ Software Link: https://www.i-doit.org/i-doit-open-1-11-2/ Version:...
Textpad 8.1.2 - Denial Of Service Exploit
Exploit Title: Textpad 8.1.2 - Denial Of Service PoC Author: Gionathan "John" Reale Homepage: https://textpad.com Software Link: https://www.textpad.com/download/v81/win32/txpeng812-32.zip Tested Version: 8.1.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it...
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Software Link: https://loganalyzer.adiscon.com/ https://github.com/rsyslog/loganalyzer Exploit Author: Gustavo Sorondo Contact: http://twitter.com/iampuky Website:...
DomainMOD 4.11.01 - DisplayName Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE :...
MiniShare 1.4.1 HEAD / POST Buffer Overflow Exploit
Hi!!! playing in 2006.... I have adapted the exploit to python Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
FutureNet NXR-G240 Series ShellShock Command Injection Exploit
-- coding: utf-8 -- Title: FutureNet NXR-G240 Series - "ShellShock" Remote Command Injection Author: Nassim Asrir You have a Q ? Contact me at: https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: http://www.centurysys.co.jp/ CVE: CVE-2014-6271 Greetz to : Nadia BENCHIKHA for the great hel...
macOS 10.14.1 Carbon Core Memory corruption Vulnerability
CVE: CVE-2018-4463 Old and funny bug CVE-2018-4463 was patched by Apple in last macOS security update. Since 2015 Apple was exposing the users using Apple’s filesystem for stack overflow and infection by hidden malware in DMG image. Insufficient patch for old vulnerability is the cause of problem...
Chrome V8 Math.expm1 Incorrect Type Information Vulnerability
Chrome: V8: incorrect type information on Math.expm1 The typer sets the type of Math.expm1 to be Union(PlainNumber, NaN). This is missing the -0 case: Math.expm1(-0) returns -0. Tracked in: https://bugs.chromium.org/p/chromium/issues/detail?id=880207 Here's a quick example that showcases the issue:...
Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A Cross Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Rockwell Automation Allen-Bradley 1752-EN2T/C, 1769-L33ER/A LOGIX5333ER Cross Site Scripting Google Dork: N/A Date: 5/12/2018 Exploit Author: n4pst3r Vendor Homepage: https://www.rockwellautomation.com/ Software Link: unkn0...
HasanMWB 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HasanMWB 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/hasanmwb/ Software Link: https://netcologne.dl.sourceforge.net/project/hasanmwb/HasanMWB-v1.zip Version: 1.0 Category:...
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE :...
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID / Clear Text Password Storage
Exploit for hardware platform in category web applications ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo B...
FreshRSS 1.11.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications...
Linux/x86 - /usr/bin/head -n99 cat etc/passwd Shellcode (61 Bytes)
; Exploit Title: /usr/bin/head -n99 cat etc/passwd poly shellcode-571.php ; Exploit Author: Nelis ; Version: 0.2 ; Tested on: Ubuntu 12.10 ; Filename: headpass.nasm ; SLAE-ID: 1327 ; Based on: http://shell-storm.org/shellcode/files/shellcode-571.php ;...
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
Exploit for hardware platform in category web applications Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary devices:...
Dolibarr ERP/CRM 8.0.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Dolibarr ERP/CRM = 8.0.3 - Cross-Site Scripting CVE: CVE-2018-19799 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://dolibarr.org Software Link:...
Wireshark - find_signature Heap Out-of-Bounds Read Vulnerability
The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut --- ==35788==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x62d0000e4400 at pc...
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE :...
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE :...
CubeCart 6.2.2 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Reflected Cross-site Scripting Vulnerability in CubeCart 6.2.2 Information -------------------- Advisory by Netsparker Name: Reflected Cross-site Scripting Vulnerability in CubeCart Affected Software: CubeCart Affected Versions: 6.2.2 Homepage...
Emacs - movemail Privilege Escalation Exploit
This Metasploit module exploits a SUID installation of the Emacs movemail utility to run a command as root by writing to 4.3BSD's /usr/lib/crontab.local. The vulnerability is documented in Cliff Stoll's book The Cuckoo's Egg. This module requires Metasploit: https://metasploit.com/download Curren...
Wireshark - cdma2k_message_ACTIVE_SET_RECORD_FIELDS Stack Corruption Vulnerability
The following crash due to a stack-based out-of-bounds memory access can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": Attached are three files which trigger the crash. --- cut --- ==25039==ERROR:...
NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit
Exploit for php platform in category web applications Exploit Title: NUUO NVRMini2 Authenticated Command Injection Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE : CVE-2018-15716 Advisory:...
Linux/x64 - Reverse (0.0.0.0:1907/TCP) Shell Shellcode (119 Bytes)
/ reverse shell tcp 1907 port shellcode C language - Linux/x86_64 Author : Kağan Çapar contact: email protected shellcode len : 119 bytes compilation: gcc -fno-stack-protector -z execstack reverse-shell.c -o reverse-shell Test: run your machine: nc -vlp 1907 and run exploit ./reverse-shell check...
Microsoft Lync for Mac 2011 - Injection Forced Browsing/Download Exploit
Exploit Title: Microsoft Lync for Mac 2011 Injection Forced Browsing/Download Author: @nyxgeek - TrustedSec Vendor Homepage: microsoft.com Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=36517 CVE: CVE-2018-8474 Version: Lync:Mac 2011 14.4.3, likely earlier versions Tested...
Xorg X11 Server (AIX) - Local Privilege Escalation Exploit
Exploit for aix platform in category local exploits Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1...
DomainMOD 4.11.01 - Registrar Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE :...
OpenSSH < 7.7 - User Enumeration Exploit (2)
!/usr/bin/env python2 CVE-2018-15473 SSH User Enumeration by Leap Security @LeapSecurity https://leapsecurity.io Credits: Matthew Daley, Justin Gardner, Lee David Painter import argparse, logging, paramiko, socket, sys, os class InvalidUsernameException: pass malicious function to malform packet...
HP Intelligent Management Java Deserialization Remote Code Execution Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Hewlett Packard Enterprise Intelligent Management Center. Authentication is not required to exploit this vulnerability. The specific flaw exists within the WebDMDebugServlet, which listens on TCP...
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Exploit
Exploit for linux platform in category web applications Exploit Title: PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Exploit Author: paragonsec @ Critical Start Vendor Homepage: https://live.paloaltonetworks.com/t5/Expedition-Migration-Tool/ct-p/migrationtool Softwa...
Wordpress Advanced-Custom-Fields 5.7.7 Plugins - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link: https://www.advancedcustomfields.com/...
Mozilla Firefox 63.0.1 - Denial of Service Exploit
Exploit Title: Mozilla Firefox 63.0.1 - Denial of Service PoC Exploit Author: SAIKUMAR CHEBROLU Vendor Homepage: https://www.mozilla.org/en-US/firefox/new/ Bugzilla report: https://bugzilla.mozilla.org/show_bug.cgi?id=1504512 Version: Firefox 63.0.1 Tested on: Windows 10 CVE : No CVE is been...
KeyBase Botnet v1.5 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: KeyBase Botnet v1.5 - SQL Injection Vulnerability Google Dork: intitle:"KeyBase: Login" + intext:" Login to get access to your logs " Date: 3/12/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Versio...
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...
CyberArk 9.7 - Memory Disclosure Exploit
Exploit Title: CyberArk 9.7 - Memory Disclosure Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10...
Joomla JE Photo Gallery 1.1 Component - categoryid SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: Joomla! Component JE Photo Gallery 1.1 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://joomlaextensions.co.in Software Link:...
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link:...
Apache Superset 0.23 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Exploit Title: Apache Superset 0.23 - Remote Code Execution Exploit Author: David May email protected Vendor Homepage: https://superset.apache.org/ Software Link: https://github.com/apache/incubator-superset Version: Any before 0.23 Tested o...
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on: It is a proprietary devices:...
Budabot 4.0 - Denial of Service Exploit
Exploit Title: Budabot 4.0 - Denial of Service PoC Date: 2018-10-15 Exploit Author: Ryan Delaney Author Contact: email protected Vendor Homepage: http://budabot.com/ Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413 Version: 0.6 - 4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Descripti...
Tarantella Enterprise Security Bypass Vulnerability
Exploit for cgi platform in category web applications &ms=unique Where the parameter un is the username you know. You receive the message: "The content of this file must be language independent! This applet immediately loads a new document in a named frame here WebtopFrame, which will be so...
knc (Kerberized NetCat) Denial Of Service Exploit
knc Kerberised NetCat versions before 1.11-1 are vulnerable to denial of service memory exhaustion that can be exploited remotely without authentication, possibly affecting another service running on the targeted host. Proof of concept included. Product "KNC is Kerberised NetCat. It works in...
ATool 1.0.0.22 Stack Buffer Overflow Vulnerability
Exploit for windows platform in category local exploits Exploit Title: Kernel stack buffer overflow ATool - 1.0.0.22 0day CVE: CVE-2018-19650 Software Link: http://www.antiy.net/ Vendor Homepage: http://www.antiy.net/ http://www.antiy.net/ Category: Windows Attack Type: local Impact:Code...
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
vbscript: use-after-free in OLEAUT32!VariantClear and scrrun!VBADictionary::put_Item CVE-2018-8544 There is a use-after-free vulnerability (possibly two vulnerabilities triggerable by the same PoC, see below) in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows...
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass Vulnerability
Exploit for cgi platform in category web applications Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-...
Schneider Electric PLC - Session Calculation Authentication Bypass Exploit
Exploit for hardware platform in category web applications ! /usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
Apache Spark - Unauthenticated Command Execution Exploit
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Spark with standalone cluster mode through the REST API. It uses the function CreateSubmissionRequest to submit a malicious java class and triggers it. This module requires Metasploit:...