ImageMagick - Memory Leak Exploit
Exploit for multiple platform in category local exploits !/bin/bash help echo "Usage poc generator: basename $0 gen WIDTHxHEIGHT NAME.xbm minimal" echo " Example gen: basename $0 gen 512x512 poc.xbm" echo "Usage result recovery: basename $0 recover SAVEDPREVIEW.png|jpeg|gif|etc" echo " Example...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications 0day.today 2018-12-12...
HTML Video Player 1.2.5 - Buffer-Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: HTML Video Player 1.2.5 - Buffer-Overflow SEH Author: Kağan Çapar Software Link: http://www.html5videoplayer.net/html5videoplayer-setup.exe Vendor Homepage : http://www.html5videoplayer.net Tested Version: 1.2.5 Tested on OS:...
XMPlay 3.8.3 - .m3u Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP/7/8 CVE ...
Microsoft Edge Chakra - OP_Memset Type Confusion Exploit
Exploit for windows platform in category dos / poc Microsoft Edge Chakra - OP_Memset Type Confusion / Since the patch for CVE-2018-8372, it checks all inputs to native arrays, and if any input equals to the MissingItem value which can cause type confusion, it starts the bailout process. But it...
Budabot 4.0 Denial Of Service Vulnerability
Exploit for php platform in category dos / poc 4.0 Tested on: 4.0 CVE: CVE-2018-19290 1. Description In modules/HELPBOTMODULE in Budabot 0.6 through 4.0, lax syntax validation allows remote attackers to perform a command injection attack against the PHP daemon with a crafted command, resulting in...
Helpdezk 1.1.1 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category:...
Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit
Exploit for linux platform in category local exploits Linux - Broken uid/gid Mapping for Nested User Namespaces Exploit commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switchin...
EverSync 0.5 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: EverSync 0.5 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link:...
BitZoom 1.0 - rollno SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: BitZoom 1.0 - 'rollno' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://bitzoom.sourceforge.io/ Software Link: https://excellmedia.dl.sourceforge.net/project/bitzoom/bitzoom-master.zip Version: 1.0 Category:...
Mumsoft Easy Software 2.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Mumsoft Easy Software 2.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyRARRecovery/ Software Link:...
2-Plan Team 1.0.4 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: 2-Plan Team 1.0.4 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://2-plan.com/ Software Link: https://datapacket.dl.sourceforge.net/project/to-plan-team/1.1.0/2-plan-team.tgz Version: 1.0.4 Category:...
PHP Mass Mail 1.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP Mass Mail 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/phpmassmail/phpmassmail/1.0.0/phpmassmail.zip...
Meneame English Pligg 5.8 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Meneame English Pligg 5.8 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/meneame-english/ Software Link:...
Galaxy Forces MMORPG 0.5.8 - type SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://galaxy.alyx.pl/ Software Link: https://excellmedia.dl.sourceforge.net/project/galaxyforces/galaxy/0.5.8/galaxy-0.5.8.7z...
Simple E-Document 1.31 - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m...
PHP 5.2.3 imap (Debian Based) - imap_open Disable Functions Bypass Vulnerability
Exploit for linux platform in category local exploits PHP 5.2.3 imap Debian Based - imapopen Disable Functions Bypass Vulnerability /tmp/test0001 $server = "x -oProxyCommand=echo\tZWNobyAnMTIzNDU2Nzg5MCc+L3RtcC90ZXN0MDAwMQo=|base64\t-d|sh"; imapopen''.$server.':143/imapINBOX', '', '' or...
PHP-Proxy 5.1.0 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1...
Easy Outlook Express Recovery 2.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Easy Outlook Express Recovery 2.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyOutlookExpressRecovery/ Software Link:...
DomainMOD 4.11.01 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE :...
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://www.kordil.net/ Software Link:...
Notepad3 1.0.2.350 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Notepad3 1.0.2.350 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.rizonesoft.com/ Software Link: https://netix.dl.sourceforge.net/project/notepad3/Notepad3%20Build%20350/Notepad3-1.0.2.350.exe...
Net-Billetterie 2.9 - login SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Net-Billetterie 2.9 - 'login' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link: https://netix.dl.sourceforge.net/project/netbilletterie/Netbilletterie2.9.zip Version...
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Precurio Intranet Portal 2.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://www.precurio.org Software Link:...
WordPress Custom Frontend Login Registration Form 1.01 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Custom Frontend Login Registration Form v1.01 WP Plugin - Multiple XSS Vulnerabilities...
Wordpress Ninja Forms 3.3.17 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Software Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2...
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
Exploit for linux platform in category web applications KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL:...
Maitra Mail Tracking System 1.7.2 - SQL Injection / Database File Download Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Maitra - Mail Tracking System 1.7.2 - SQL Injection / Database File Download Exploit Author: Ihsan Sencan Vendor Homepage: http://salzertechnologies.com/ Software Link:...
Rmedia SMS 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rmedia SMS 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://sms.rmediaindia.com/ Software Link: https://master.dl.sourceforge.net/project/rmediasms/rmediasms.rar Version: 1.0 Category: Webapps Tested on:...
Pedidos 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Pedidos 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/ Software Link: https://netcologne.dl.sourceforge.net/project/sistema-web-de-pedidos-php/pedidos.zip Version: 1.0 Category: Webapps...
Tina4 Stack 1.0.3 - SQL Injection / Database File Download Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Tina4 Stack 1.0.3 - SQL Injection / Database File Download Exploit Author: Ihsan Sencan Vendor Homepage: http://tina4.com/ Software Link: https://ayera.dl.sourceforge.net/project/tina4stack/v1.0.3/Release%20V1.0.3.zip Version:...
Alienor Web Libre 2.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Alienor Web Libre 2.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://alienor.org/ Software Link: https://excellmedia.dl.sourceforge.net/project/alienorweblibre/alienorweblibre.zip Version: 2.0 Category:...
SwitchVPN For MacOS / Windows 2.1012.03 Man-In-The-Middle Vulnerability
Exploit for multiple platform in category local exploits Title: Insecure Update Process and RCE Product: SwitchVPN for MacOS, Windows Vulnerable version: 2.1012.03 CVE ID: Requested Impact: Critical Homepage:...
iServiceOnline 1.0 - r SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: iServiceOnline 1.0 - 'r' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/iserviceonline/ Software Link: https://netcologne.dl.sourceforge.net/project/iserviceonline/iServiceEng.zip...
Data Center Audit 2.6.2 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Data Center Audit 2.6.2 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/datacenteraudit/ Software Link:...
Atlassian Jira Authenticated Upload Code Execution Exploit
This Metasploit module can be used to execute a payload on Atlassian Jira via the Universal Plugin Manager (UPM). The module requires valid login credentials to an account that has access to the plugin manager. The payload is uploaded as a JAR archive containing a servlet using a POST request agains...
EdTv 2 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: EdTv 2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://edtv.edsup.org/ Software Link: https://ayera.dl.sourceforge.net/project/edtv/beta/edtv2go.zip Version: 2 Category: Webapps Tested on:...
DoceboLMS 1.2 - SQL Injection / Arbitrary File Upload Vulnerabilities
Exploit for php platform in category web applications Exploit Title: DoceboLMS 1.2 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.spaghettilearning.com/ Software Link:...
Electricks eCommerce 1.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Scripting Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 When a user signs up for an accoun...
Electricks eCommerce 1.0 - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for php platform in category web applications Exploit Title: Electricks eCommerce 1.0 - Cross-Site Request Forgery Change Admin Password Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 PoC:...
Tina4 Stack 1.0.3 - Cross-Site Request Forgery (Update Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Tina4 Stack 1.0.3 - Cross-Site Request Forgery Update Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://tina4.com/ Software Link: https://ayera.dl.sourceforge.net/project/tina4stack/v1.0.3/Release%20V1.0.3.zip Version:...
Easyndexer 1.0 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Easyndexer 1.0 - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version:...
Surreal ToDo 0.6.1.2 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Surreal ToDo 0.6.1.2 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://getsurreal.com/surrealtodo Software Link: https://netcologne.dl.sourceforge.net/project/surrealtodo/Surreal%20ToDo/surrealtodov0.6.1.2.zip...
Surreal ToDo 0.6.1.2 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: Surreal ToDo 0.6.1.2 - Local File Inclusion Exploit Author: Ihsan Sencan Vendor Homepage: http://getsurreal.com/surrealtodo Software Link:...
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://demo.aliveparish.com Software Link: https://netcologne.dl.sourceforge.net/project/aliveparish/aliveparish-v2.0.zip...
Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery (Add Admin)
Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.3 - Arbitrary File Upload / Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: https://github.com/webiness/webinessinventory Software Link:...
SIPve 0.0.2-R19 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SIPve 0.0.2-R19 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/sipve/ Software Link: https://datapacket.dl.sourceforge.net/project/sipve/sipve-v0.0.2-R19.tar.gz Version: 0.0.2-R19...
Webiness Inventory 2.3 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Webiness Inventory 2.3 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://github.com/webiness/webinessinventory Software Link:...
Silurus Classifieds Script 2.0 - wcategory SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Silurus Classifieds Script 2.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://snowhall.com/store/silurus/ Software Link: https://netcologne.dl.sourceforge.net/project/silurus/silurus2.0.zip Version: 2.0...
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload) Vulnerability
Exploit for php platform in category web applications Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link:...