KPOT Botnet - File Download/Source Code Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: https://bhf.io/threads/515432/ Version: unkn0wn Tested on: Window...
xorg-x11-server < 1.20.3 - modulepath Local Privilege Escalation Exploit
Exploit for openbsd platform in category local exploits #!/bin/sh raptor_xorgy - xorg-x11-server LPE via modulepath switch Copyright (c) 2018 Marco Ivaldi A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server...
Linux Kernel 4.8 (Ubuntu 16.04) - Leak sctp Kernel Pointer Exploit
Exploit Title: Linux Kernel 4.8 Ubuntu 16.04 - Leak sctp kernel pointer Google Dork: - Date: 2018-11-20 Exploit Author: Jinbum Park Vendor Homepage: - Software Link: - Version: Linux Kernel 4.8 Ubuntu 16.04 Tested on: 4.8.0-36-generic #36~16.04.1-Ubuntu SMP Sun Feb 5 09:39:57 UTC 2017 x86_64 x86_64...
Moxa NPort W2x50A 2.1 OS Command Injection Vulnerability
Moxa NPort W2x50A products with firmware version 2.1 Build17112017 or lower are vulnerable to several authenticated OS command injection vulnerabilities. Moxa NPort W2x50A products with firmware version 2.1 Build17112017 or lower are vulnerable to several authenticated OS Command Injection...
Schneider Electric PLC - Session Calculation Authentication Bypass Exploit
Exploit for hardware platform in category web applications #!/usr/bin/env python ''' Copyright 2018 Photubiasc Exploit Title: Schneider Session Calculation - CVE-2017-6026 Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.schneider-electric.com Software Link:...
Microsoft VBScript OLEAUT32!VariantClear / scrrun!VBADictionary::put_Item Use-After-Free
vbscript: use-after-free in OLEAUT32!VariantClear and scrrun!VBADictionary::put_Item CVE-2018-8544 There is a use-after-free vulnerability (possibly two vulnerabilities triggerable by the same PoC, see below) in Microsoft VBScript. The vulnerability has been confirmed in Internet Explorer on Windows...
Tarantella Enterprise Security Bypass Vulnerability
Exploit for cgi platform in category web applications &ms=unique Where the parameter un is the username you know. You receive the message: "The content of this file must be language independent! This applet immediately loads a new document in a named frame (here WebtopFrame), which will be so...
QQ Mail hijacking account 0day Exploit
Using this 0day exploit you can hijack any account and take possession of the correspondence...
WebKit JSC JIT - ByteCodeParser::handleIntrinsicCall Type Confusion Exploit
WebKit JIT - ByteCodeParser::handleIntrinsicCall Type Confusion Exploit / case ArrayPushIntrinsic: ... if (static_cast<unsigned>(argumentCountIncludingThis) >= MIN_SPARSE_ARRAY_INDEX) return false; ArrayMode arrayMode = getArrayMode(m_currentInstruction[OPCODE_LENGTH(op_call) - 2].u.arrayProfile, Array::Write); ... This cod...
WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit
WebKit JSC JIT - JSPropertyNameEnumerator Type Confusion Exploit / When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of ever...
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Exploit
WebKit JSC - BytecodeGenerator::hoistSloppyModeFunctionIfNecessary Does not Invalidate the ForInContext Object / This is similar to issue 1263. When hoisting a function onto the outer scope, if it overwrites the iteration variable for a for-in loop it should invalidate the corresponding...
Unitrends Enterprise Backup bpserverd Privilege Escalation Exploit
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to...
Mac OS X libxpc MITM Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in libxpc on macOS versions 10.13.3 and below. The task_set_special_port API allows callers to overwrite their bootstrap port, which is used to communicate with launchd. This port is inherited across forks: child processes will use the same bootstrap...
PHP imap_open Remote Code Execution Exploit
The imap_open function within PHP, if called without the /norsh flag, will attempt to preauthenticate an IMAP session. On Debian based systems, including Ubuntu, rsh is mapped to the ssh binary. Ssh's ProxyCommand option can be passed from imap_open to execute arbitrary commands. While many custom...
TeamCity Agent XML-RPC Command Execution Exploit
This Metasploit module allows remote code execution on TeamCity Agents configured to use bidirectional communication via xml-rpc. In bidirectional mode the TeamCity server pushes build commands to the Build Agents over port TCP/9090 without requiring authentication. Up until version 10 this was t...
BMC Remedy 7.1 User Impersonation Vulnerability
Exploit for jsp platform in category web applications <!-- Exploit Title: Impersonation may lead to incorrect user context in Remedy AR System Server in BMC Remedy 7.1 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.bmc.com/ Software Link: http://www.bmc.com/ Version: Impersonation may...
Linux Nested User Namespace idmap Limit Local Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in Linux kernels 4.15.0 to 4.18.18, and 4.19.0 to 4.19.1, where broken uid/gid mappings between nested user namespaces and kernel uid/gid mappings allow elevation to root (CVE-2018-18955). The target system must have unprivileged user namespaces enabl...
Cisco WebEx Meetings Privilege Escalation Vulnerability
A vulnerability in the update service of Cisco Webex Meetings Desktop App for Windows could allow a local attacker to elevate privileges. This vulnerability is related to a previous security issue fixed by Cisco in October. Affected versions include Cisco Webex Meetings Desktop App releases prior...
SonarSource SonarQube 7.3 Information Disclosure Vulnerability
Exploit for multiple platform in category web applications Exploit Title: SonarSource SonarQube 7.3 - Information Disclosure Vendor Homepage: https://www.sonarsource.com/ Software Link: https://www.sonarqube.org/downloads/ Version: 7.3 and prior CVE : CVE-2018-19413 Description: A vulnerability i...
Avahi 0.7 Denial Of Service Vulnerability
Avahi-daemon in Avahi version through 0.7 inadvertently sends Legacy Unicast Responses to IPv4 unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353...
phpMyAdmin 4.8.1 Authenticated Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Authenticated Local File Inclusion Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://www.phpmyadmin.net/ Software...
Netgear Unauthenticated Remote Command Execution Exploit
Netgear WN604 versions before 3.3.3 and WN802Tv2, WNAP210v2, WNAP320, WNDAP350, WNDAP360, and WNDAP660 versions before 3.5.5.0 allow remote attackers to execute arbitrary commands. This module requires Metasploit: https://metasploit.com/download Current source:...
No-Cms 1.0 - order_by SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: No-Cms 1.0 - 'order_by' SQL Injection Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali...
ELBA5 5.8.0 - Remote Code Execution Exploit
Exploit Title: ELBA5 5.8.0 - Remote Code Execution Exploit Author: Florian Bogner Vendor Homepage: https://www.elba.at Vulnerable Software: https://www.elba.at/eBusiness/01template1/1206507788612244132-12065155957890496571206515641959948315-1292519691128454196-NA-38-NA.html Version: up to 5.8.0...
MariaDB Client 10.1.26 - Denial of Service Exploit
Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x86_64 using readline 5.2 Tested on: Debian 9 Stretch x64 ...
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal Exploit Author: numan türle Vendor Homepage: https://www.zyxel.com/ Software Link:...
Consona Password Reset Security Bypass Vulnerability
Exploit for php platform in category web applications 8 years ago, I discovered this vulnerability, CVE-2010-1910, and now, you can see the details. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1910 The login page, "/sdcxuser/asp/login.asp", had a commented access to the page that...
Oracle Secure Global Desktop Administration Console 4.4 Cross Site Scripting Vulnerability
Oracle Secure Global Desktop Administration Console version 4.4 build 20080807152602 suffers from cross site scripting vulnerabilities. alert("XSS") helpFile=concepts.html&pageTitle=Administrator Help&mastheadUrl=/images/productNameSecondaryMasthead.png&mastheadDescription=Sun Secure Global Desktop...
Arm Whois 3.11 - Buffer Overflow (ASLR) Exploit
Exploit for windows platform in category local exploits Exploit Title: Arm Whois 3.11 - Buffer Overflow ASLR Google Dork: if applicable Exploit Author: zephyr Vendor Homepage: http://www.armcode.com Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows Vis...
Cory Support 1.0 SQL Injection Vulnerability
Cory Support version 1.0 suffers from a remote time-based SQL injection vulnerability. ============================================================ Cory Support v1.0 - Time-Based SQL Injection in 'signin.php' ============================================================ Exploit Title: Cory Support...
Wordpress Easy Testimonials 3.2 Plugins - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Exploit Author: Endust Vendor Homepage: https://wordpress.org/plugins/easy-testimonials/ Software Link: https://wordpress.org/plugins/easy-testimonials/ Version: 3.2...
Ticketly 1.0 - kind_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link:...
Xorg X11 Server SUID Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges with SUID Xorg X11 server versions 1.19.0 up to 1.20.3. A permission check flaw exists for -modulepath and -logfile options when starting Xorg. This allows unprivileged users that can start the server the ability to elevate privileges and ru...
WordPress Absolutely Glamorous Custom Admin 6.4.1 Database Disclosure Vulnerability
WordPress Absolutely Glamorous Custom Admin plugin version 6.4.1 suffers from a database disclosure vulnerability. Exploit Title : WordPress Absolutely Glamorous Custom Admin ag-custom-admin Plugin Database Backup Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from...
Joomla Admin 3.7.4 Database Disclosure Vulnerability
Joomla com_admin component versions 2.5.4 through 3.7.4 suffer from a database disclosure vulnerability. Exploit Title : Joomla com_admin Components from V2.5.4 to V3.7.4 Database Backup Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army...
WordPress Universal Post Manager 1.5.0 Database Disclosure Vulnerability
WordPress Universal Post Manager plugin version 1.5.0 suffers from a database disclosure vulnerability. Exploit Title : WordPress universal-post-manager 1.5.0 Plugins Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army...
Joomla MacGallery Database Disclosure Vulnerability
The Joomla com_macgallery component suffers from a database disclosure vulnerability. Exploit Title : Joomla com_macgallery Components Apptha Install-Uninstall Database Backup Information Disclosure Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Vendor...
WordPress Pods 2.7.9 Database Disclosure Vulnerability
WordPress Pods plugin version 2.7.9 suffers from a database disclosure vulnerability. Exploit Title : WordPress Pods Plugins 2.7.9 Database Backup Arbitrary File Download Vulnerability Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Vendor Homepage : +...
Governikus Autent SDK 3.8.1 Signature Bypass Vulnerability
Governikus Autent SDK versions 3.8.1 and below suffer from a signature bypass vulnerability. This vulnerability could allow an attacker to impersonate any German citizen on a vulnerable web application. ======================================================================= title: Signature Bypas...
Miss Marple Enterprise Edition File Upload / Hardcoded AES Key Vulnerability
Exploit for windows platform in category local exploits ======================================================================= title: Multiple critical vulnerabilities product: Miss Marple Enterprise Edition vulnerable version: 2.0 fixed version: 2.0 CVE number: CVE-2018-19233, CVE-2018-19234...
WebOfisi E-Ticaret V4 - urun SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...
Ticketly 1.0 - name SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql...
WordPress CherryFramework Themes 3.1.4 - Backup File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress CherryFramework Themes 3.1.4 - Backup File Download Google Dork: inurl:/wp-content/themes/CherryFramework Exploit Author: b1p0l4r Vendor Homepage: http://www.cherryframework.com/ Software Link:...
Richfaces 3.x Remote Code Execution Vulnerability
Exploit for multiple platform in category web applications Original report+advisories: TITLE: ==================== Unauthenticated Remote Code execution in WebApps using Richfaces 3.X all versions. RESUME ==================== RichFaces Framework 3.X through 3.3.4 all versions is vulnerable to...
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Vendor: Abisoft https://abisoftgt.net Software Link:...
macOS 10.13 - workq_kernreturn Denial of Service Exploit
Exploit for macOS platform in category dos / poc Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service PoC Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned Tweet:...
Zoho ManageEngine OpManager 12.3 Cross Site Scripting Vulnerability
Zoho ManageEngine OpManager versions 12.3 before build 123223 have a cross site scripting vulnerability via the updateWidget API. I. VULNERABILITY ------------------------- Zoho ManageEngine OpManager 12.3 before Build 123223 has XSS via the updateWidget API. II. CVE REFERENCE...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege (Master) Platform: Windows 10 1803 (not tested earlier, although code looks similar on Win8+) Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal...
Ricoh myPrint Hardcoded Credentials / Information Disclosure Vulnerability
Ricoh myPrint suffers from hardcoded application credential and information disclosure vulnerabilities. The myPrint windows client version 2.9.2.4 and myPrint android client version 2.2.7 are both affected. Exploit Title: Ricoh myPrint - Hardcoded application credentials and information disclosur...
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass Vulnerability
Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving...