39001 matches found
LibreHealth 2.0.0 - Arbitrary File Actions Vulnerability
Exploit for php platform in category web applications Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP, LibreHealth 2.0.0...
Arm Whois 3.11 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Arm Whois 3.11 - Buffer Overflow SEH Exploit Author: Yair Rodríguez Aparicio 0-day DoS exploit, Semen Alexandrovich Lyhin 1-day fully working exploit Vendor Homepage: http://www.armcode.com/ Software Link:...
libiec61850 1.3 - Stack Based Buffer Overflow
Exploit for linux platform in category local exploits Exploit Title: libiec61850 1.3 - Stack Based Buffer Overflow Exploit Author: Dhiraj Mishra Vendor Homepage: http://libiec61850.com/libiec61850/ Software Link: https://github.com/mz-automation/libiec61850 Version: 1.3 Tested on: Linux...
OOP CMS BLOG 1.0 - search SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category:...
VSAXESS V2.6.2.70 build20171226_053 - organization Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: VSAXESS V2.6.2.70 build20171226053 - 'organization' Denial of Service PoC Discovery by: Diego Santamaria Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link:...
OpenBiz Cubi Lite 3.0.8 - username SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link:...
eToolz 3.4.8.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: eToolz 3.4.8.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: https://www.gaijin.at Software Link: https://www.gaijin.at/de/software/etoolz Version: 3.4.8.0 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE:...
FaceTime - RTP Video Processing Heap Corruption Exploit
Exploit for iOS platform in category dos / poc FaceTime - RTP Video Processing Heap Corruption Exploit There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if ...
Blue Server 1.1 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Blue Server 1.1 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mafiatic.org/ Software Link: https://master.dl.sourceforge.net/project/blueserver/Blue-Server-1.1.exe Version: 1.1 Category: Dos Teste...
FaceTime - VCPDecompressionDecodeFrame Memory Corruption Exploit
Exploit for macOS platform in category dos / poc FaceTime - VCPDecompressionDecodeFrame Memory Corruption Exploit There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue...
FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit
Exploit for macOS platform in category dos / poc FaceTime - readSPSandGetDecoderParams Stack Corruption Exploit There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root...
XNU Kernel iOS / macOS heap buffer overflow Exploit
The vulnerability is a heap buffer overflow in the networking code in the XNU operating system kernel. XNU is used by both iOS and macOS, which is why iPhones, iPads, and Macbooks are all affected. My exploit PoC just overwrites the heap with garbage, which causes an immediate kernel crash and...
blueimp jQuery Arbitrary File Upload Exploit
This Metasploit module exploits an arbitrary file upload in the sample PHP upload handler for blueimp's jQuery File Upload widget in versions 9.22.0 and below. Due to a default configuration in Apache 2.3.9+, the widget's .htaccess file may be disabled, enabling exploitation of this vulnerability...
Royal TSX Information Disclosure Vulnerability
Exploit for jsp platform in category web applications Title: Royal TS/X - Information Disclosure Author: Jakub Palaczynski CVE: CVE-2018-18865 Affected product: ============= Royal TS/X RoyalTS/X Exploit var wsUri = "ws://127.0.0.1:54890/"; var output; function init output =...
Softros LAN Messenger 9.2 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Softros LAN Messenger 9.2 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://messenger.softros.com/ Software Link: https://messenger.softros.com/downloads/ Tested Version: 9.2 Tested on: Windows 10 Sing...
PHP Proxy 3.0.3 - Local File Inclusion Exploit
Exploit for php platform in category web applications Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit
Exploit for asp platform in category web applications Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link:...
Intel (Skylake / Kaby Lake) - PortSmash CPU SMT Side-Channel Exploit
Exploit for hardware platform in category local exploits Intel Skylake / Kaby Lake - PortSmash CPU SMT Side-Channel Exploit Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading ...
Easy File Sharing Web Server 7.2 - author Remote Buffer Overflow (SEH) Exploit
An issue was discovered in Easy File Sharing EFS Web Server 7.2, A stack-based buffer overflow vulnerability occurs when an authenticated user sends a malicious POST request to forum.ghp upon creating a new topic in the forums, which allows remote attackers to execute arbitrary code. Exploit Titl...
Microsoft Internet Explorer 11 - Null Pointer Dereference Exploit
Exploit for windows platform in category local exploits Exloit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0...
WebVet 0.1a - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WebVet 0.1a - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps Tested...
Virgin Media Hub 3.0 Router - Denial of Service Exploit
Exploit for hardware platform in category dos / poc Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service PoC Exploit Author: Ross Inman Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers Software Link: N/A Version: Virgin Media Hub 3.0...
LiquidVPN For macOS 1.3.7 Privilege Escalation Vulnerability
LiquidVPN for macOS versions 1.3.7 and below suffer from privilege escalation vulnerabilities. ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE...
QBee Camera / iSmartAlarm Credential Disclosure Vulnerability
Cleartext storage of credentials in the iSmartAlermData.xml configuration file in the iSmartAlarm application through 2.0.8 for Android allows an attacker to retrieve the username and password. Insecure cryptographic storage of credentials in com.vestiacom.qbeecamerapreferences.xml in the QBee Ca...
CMS Made Simple 2.2.7 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
SiAdmin 1.1 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SiAdmin 1.1 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.bubul.net/ Software Link: https://kent.dl.sourceforge.net/project/siadmin/SiAdmin%201.1/SiAdmin%201.1.zip Version: 1.1 Category: Webapps...
CentOS Web Panel Root Account Takeover <= v0.9.8.740 Remote Command Execution Exploit
CentOS Web Panel versions 0.9.8.740 and below suffer from cross site request forgery and cross site scripting vulnerabilities that can be leveraged to achieve remote code execution. + Title: CentOS Web Panel Root Account Takeover + Remote Command Execution var url =...
Mongo Web Admin 6.0 - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe...
Morris Worm sendmail Debug Mode Shell Escape Exploit
This Metasploit module exploits sendmail's well-known historical debug mode to escape to a shell and execute commands in the SMTP RCPT TO command. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. Currently only...
Poppy Web Interface Generator 0.8 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Poppy Web Interface Generator 0.8 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: http://poppy.dc-development.de/ Software Link: https://master.dl.sourceforge.net/project/poppy-beta-rc/poppy0.8betarc.zip...
Morris Worm fingerd Stack Buffer Overflow Exploit
This Metasploit module exploits a stack buffer overflow in fingerd on 4.3BSD. This vulnerability was exploited by the Morris worm in 1988-11-02. Cliff Stoll reports on the worm in the epilogue of The Cuckoo's Egg. This module requires Metasploit: https://metasploit.com/download Current source:...
Voovi Social Networking Script 1.0 - user SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Voovi Social Networking Script 1.0 - 'user' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.adminspoint.com/voovi/index.php Software Link:...
Zint Barcode Generator 2.6 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Zint Barcode Generator 2.6 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://www.zint.org.uk Software Link: https://sourceforge.net/projects/zint/files/latest/download Version: 2.6 Category: Dos Tested on...
CdCatalog 2.3.1 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: CdCatalog 2.3.1 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://cdcat.sourceforge.net Software Link: https://netcologne.dl.sourceforge.net/project/cdcat/cdcat/cdcat-2.3.1/cdcat-2.3.1.tar.bz2 Version:...
Fantastic Blog CMS 1.0 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...
WinMTR 0.91 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: WinMTR 0.91 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://winmtr.net Software Link: http://winmtr.net/winmtrdownload/ Version: 0.91 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 Host:...
Yot CMS 3.3.1 - aid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Yot CMS 3.3.1 - 'aid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://yot.sourceforge.io/ Software Link: https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip Version: 3.3.1 Category: Webapps Tested on...
Jelastic 5.4 - host SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Jelastic 5.4 - 'host' SQL injection Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application...
qdPM 9.1 - filter_by SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: qdPM 9.1 - 'filterby' SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1...
Gate Pass Management System 2.1 - login SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpmsUpdate.zip Version: 2.1...
WebDrive 18.00.5057 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: WebDrive 18.00.5057 - Denial of Service PoC Discovery by: Victor Mondragón Vendor Homepage: https://webdrive.com/ Software Link: https://webdrive.com/download/ Tested Version: 18.00.5057 Tested on: Windows 10 Single Language x64...
Arm #Whois 3.11 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Arm Whois 3.11 - Denial of Service PoC Exploit Author: Yair Rodríguez Aparicio Vendor Homepage: http://www.armcode.com/ Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows XP Profesional...
Artha The Open Thesaurus 1.0.3.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Artha The Open Thesaurus 1.0.3.0 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://artha.sourceforge.net Software Link: https://netcologne.dl.sourceforge.net/project/artha/artha/1.0.3/artha1.0.3.0.exe...
Anviz AIM CrossChex Standard 4.3 Excel Macro Injection Vulnerability
CSV XLS Injection Excel Macro Injection or Formula Injection exists in the AIM CrossChex version 4.3 when importing or exporting users using xls Excel file. This can be exploited to execute arbitrary commands on the affected system via SE attacks when an attacker inserts formula payload in the Na...
Sourcetree Git Arbitrary Code Execution Vulnerability
An attacker can exploit the embedded version of Git used in Sourcetree if they can commit to a Git repository linked in Sourcetree. This allows them to execute arbitrary code on systems running a vulnerable version of Sourcetree for macOS. Versions of Sourcetree for macOS starting with version...
Expense Management 1.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Expense Management 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/expense-management Software Link:...
gVisor runsc Guest -> Host Breakout Via Filesystem Cache Desync
Exploit for linux platform in category dos / poc gVisor runsc guest-host breakout via filesystem cache desync The following writeup describes an attack that can be used to overwrite files in the host filesystem /etc/crontab in my PoC from inside a Docker container that uses gVisor's runsc. I test...
School Attendance Monitoring System 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: School Attendance Monitoring System 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Aplaya Beach Resort Online Reservation System 1.0 - SQL Injection / Cross-Site Request Forgery
Exploit for php platform in category web applications Exploit Title: Aplaya Beach Resort Online Reservation System 1.0 - Multiple Vulnerabilities Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Notes Manager 1.0 - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link:...