39001 matches found
MPS Box 0.1.8.0 - uuid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested o...
WebEx Local Service Permissions Code Execution Exploit
This Metasploit module exploits a flaw in the 'webexservice' Windows service, which runs as SYSTEM, can be used to run arbitrary commands locally, and can be started by limited users in default installations. This module requires Metasploit: https://metasploit.com/download Current source:...
Fifa Master XLS 2.3.2 - usw SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Fifa Master XLS 2.3.2 - 'usw' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/fifamasterxls/files/latest/download Version: 2.3.2 Category: Webapp...
ServersCheck Monitoring Software 14.3.3 Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications + ServersCheck Monitoring Software 14.3.3 Cross Site Scripting Vulnerability + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
exim 4.90 - Remote Code Execution Exploit
Exploit Title: exim 4.90 - Remote Code Execution Exploit Author: hackk.gr Vendor Homepage: exim.org Version: exim -1: authplainavailable = True if test: if lenl 70: sys.stdout.writel:70 + " ...\n" sys.stdout.flush else: print l.strip"\r".strip"\n" data = data + l if data.finddelim -1: return data...
SIM-PKH 2.4.1 SQL Injection Vulnerability
SIM-PKH version 2.4.1 suffers from a remote SQL injection vulnerability. Exploit Title: SIM-PKH 2.4.1 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1...
Microsoft Active Directory Federated Services (ADFS) User Enumeration Vulnerability
Microsoft Active Directory Federated Services ADFS suffers from a time-based user enumeration vulnerability. + Credits: Joshua Platz aka Binary1985 + CVE ID: Requested + Website: https://github.com/binary1985 + Source:...
ServersCheck Monitoring Software 14.3.3 SQL Injection Vulnerability
Exploit for multiple platform in category web applications + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2018-18550-SERVERSCHECK-MONITORING-SOFTWARE-SQL-INJECTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka |...
VestaCP 0.9.8-22 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications + Title: VestaCP Multiple XSS Vulnerabilities https://IP:8083/list/directory/ - Stored XSS: A visitor may upload a file as named xss payload, using any form in your website. If VestaCP user see this file in the interface, his browser will run...
MGB OpenSource Guestbook 0.7.0.2 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m-gb.org/ Software Link: https://sourceforge.net/projects/mopzz-gb/files/latest/download Version: 0.7.0.2 Category:...
Microsoft Windows 10 UAC Bypass By computerDefault Exploit
This exploit permits an attacker to bypass UAC by hijacking a registry key during computerSecurity.exe auto elevate windows binary execution. !/usr/bin/env python Exploit Title: Windows 10 UAC Bypass by computerDefault Date: 2018-10-18 Exploit Author: Fabien DROMAS - Security consultant @ Synetis...
Appsource School Management System 1.0 - student_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Appsource School Management System 1.0 - 'studentid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.appsource.ug/school/ Software Link: https://sourceforge.net/p/appsource-school-system/code/ Version: 1.0...
Chrome Debugger Extension API Is Too Powerful Vulnerability
The Chrome debugger extension API appears to have more power than necessary, including the ability to bypass the check for disabled natives. Chrome: debugger extension API is too powerful My understanding of Chrome's security model regarding extensions is as follows: Users can grant almost comple...
SIM-PKH 2.4.1 - Arbitrary File Upload
Exploit for php platform in category web applications Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps...
Traq 3.7.1 CSRF / XSS / SQL Injection Vulnerabilities
Exploit for php platform in category web applications ================================================= Synopsis: Traq vulnerable to XSS, Admin account creation CSRF, SQL Injection, Lack of session timeout. Product: Traq Version: 3.7.1 Vendor site: https://traq.io/ Researcher: Matt Landers...
AjentiCP 1.2.23.13 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications + Title: AjentiCP Dir Name Based Stored XSS dir 2- Open this directory in File Manager tool in Ajenti server admin panel. // for secure days... 0day.today 2018-10-24...
ServersCheck Monitoring Software 14.3.3 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe CVE: N/A References:...
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas Exploit
Exploit for iOS platform in category dos / poc Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas / There was recently some cleanup in the persona code to fix some race conditions there, I don't think it was sufficient: In kpersonaallocsyscall if we provide an invalid userspa...
The Open ISES Project 3.30A - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: The Open ISES Project 3.30A - Arbitrary File Download Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link: https://sourceforge.net/projects/openises/files/latest/download Version:...
Viprinet VPN Hub Router Cross Site Scripting Vulnerability
Exploit for php platform in category web applications New Hope Team identified a stored XSS in Viprinet VPN Hub Router. Overview: Input validation and output escaping mechanisms are missing for CLI interface. Stored XSS is possible. By exploiting that vulnerability an attacker can obtain sensitiv...
School ERP Ultimate 2018 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: School ERP Ultimate 2018 - Arbitrary File Download Dork: N/A Date: 2018-10-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://freeschoolerp.com/ Software Link: http://freeschoolerp.com/schoolerp30Nov2017free.zip Software...
eNdonesia Portal 8.7 - artid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: eNdonesia Portal 8.7 - 'artid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.endonesia.org/ Software Link: https://sourceforge.net/projects/endonesia/files/latest/download Version: 8.7 Category: Webapps...
Apple iOS / macOS - Kernel Memory Corruption due to Integer Overflow Exploit
Exploit for multiple platform in category dos / poc...
The Open ISES Project 3.30A - tick_lat SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: The Open ISES Project 3.30A - 'ticklat' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link: https://sourceforge.net/projects/openises/files/latest/download Version:...
School ERP Ultimate 2018 - fid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: School ERP Ultimate 2018 - 'fid' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://freeschoolerp.com/ Software Link: http://freeschoolerp.com/schoolerp30Nov2017free.zip Software Link:...
Modbus Poll 7.2.2 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Modbus Poll 7.2.2 - Denial of Service PoC Discovery by: Cemal Cihad ÇİFTÇİ Tested Version: 7.2.2 Vulnerability Type: DOS Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: https://www.modbustools.com Download Lin...
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking Exploit
Exploit for macOS platform in category dos / poc / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory external methods. The intel...
Apple iOS Kernel - Stack Memory Disclosure due to Failure to Check copyin Return Value Exploit
Exploit for iOS platform in category dos / poc Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Exploit Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions: static void handleuncategorizedarmsavedstat...
MySQL Edit Table 1.0 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: MySQL Edit Table 1.0 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.bookman.nl Software Link: https://sourceforge.net/projects/sql-edit-table/files/latest/download Version: 1.0 Category: Webapps...
Apple iOS / macOS - Sandbox Escape due to Trusted Length Field in Shared Memory Exploit
Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboard...
Microsoft Windows SetImeInfoEx Win32k NULL Pointer Dereference Exploit
This Metasploit module exploits an elevation of privilege vulnerability that exists in Windows 7 and 2008 R2 when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploits this vulnerability could run arbitrary code in kernel mode. An attacker could th...
WiFiRanger 7.0.8rc3 Incorrect Access Control / Privilege Escalation Vulnerability
WiFiRanger version 7.0.8rc3 suffers from an incorrect access control that allows for ftp retrieval of an RSA identity that an attacker can use to ssh in as root. Exploit Title: WiFiRanger 7.0.8rc3 Incorrect Access Control - Privilege Escalation POC Exploit Author: Mitchel Jordan Vendor Homepage:...
Apple iOS / macOS - Sandbox Escape due to mach Message sent from Shared Memory Exploit
Exploit for multiple platform in category dos / poc Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client...
Oracle Siebel CRM 8.1.1 - CSV Injection Vulnerability
Exploit for java platform in category web applications Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link:...
Viva Visitor & Volunteer ID Tracking 0.95.1 - fname SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://viva-visitor.sourceforge.io/ Software Link:...
AudaCity 2.3 - High processor usage Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: AudaCity 2.3 - High processor usage Denial of Service Author: Kağan Çapar Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 top version Tested on OS: Windows 10...
Linux/x86 print "If psycho say this is the end?" Shellcode (75 bytes)
/ Exploit Title : Linux/x86 print 'If psycho say "this is the end" ? :' Shellcode 75 bytes Exploit Author : Febriyanto Nugroho Tested on : Ubuntu 16.04 LTS Special thx : Meisye Deedee Cornelia :P / include include char shellcode= "\x31\xdb\x8d\x43\x0b\x99\x52\x6a\x6f\x68"...
libSSH - Authentication Bypass Exploit
!/usr/bin/env python3 import paramiko import socket import argparse from sys import argv, exit parser = argparse.ArgumentParserdescription="libSSH Authentication Bypass" parser.addargument'--host', help='Host' parser.addargument'-p', '--port', help='libSSH port', default=22...
Linux Semi-Arbitrary Task Stack Read On ARM64 / x86 Exploit
Linux suffers from a semi-arbitrary task stack read on ARM64 and x86 via /proc/$pid/stack. Linux: semi-arbitrary task stack read on ARM64 and x86 via /proc/$pid/stack This issue probably had the most impact on ARM64 kernels before commit e01e80634ecd "fork: unconditionally clear stack on fork",...
OwnTicket 1.0 - TicketID SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: OwnTicket 1.0 - 'TicketID' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://ownticket.sourceforge.io/ Software Link: https://sourceforge.net/projects/ownticket/files/latest/download Version: 1.0 Category:...
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP-SHOP master 1.0 - Cross-Site Request Forgery Add admin Exploit Author : Alireza Norkazemi Vendor Homepage : https://github.com/joeyrush/PHP-SHOP Software link: https://github.com/joeyrush/PHP-SHOP/archive/master.zip Version:...
Learning with Texts 1.6.2 - start SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version: 1.6.2 Category: Webap...
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation Exploit
Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a readoffset/writeoffset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then...
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Vulnerability
Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Author: Gjoko 'LiquidWorm' Krstic @zeroscience Vendor: FLIR Systems, Inc Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13, OS: necov1.8-0-g7ffe5b3 Hardware: Flir Systems Neco Board Tested on...
Time and Expense Management System 3.0 - CSRF (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link: http://sourceforge.net/projects/tems/files/latest Version: 3.0...
IBM Security AppScan Standard 9.0.3 .udt Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: IBM Security AppScan Standard 9.0.3 .udt Denial Of Service Author: Kağan Çapar Software Link: http://www-01.ibm.com/support/docview.wss?uid=ibm10715965 Vendor Homepage : https://www.ibm.com/security/application-security/appscan...
LANGO Codeigniter Multilingual Script 1.0 Cross Site Scripting Vulnerability
LANGO Codeigniter Multilingual Script version 1.0 suffers from html injection and cross site scripting vulnerabilities. Exploit Title: LANGO - Codeigniter Multilingual Script 1.0 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Lin...
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.com Affected version: 1.6.18P12121101 Tested on:...
Ekushey Project Manager CRM 3.1 Cross Site Scripting Vulnerability
Ekushey Project Manager CRM version 3.1 suffers from a persistent cross site scripting vulnerability. Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushe...
Any Sound Recorder 2.93 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Any Sound Recorder 2.93 - Buffer Overflow SEH Exploit Author: Abdullah Alic Homepage: http://www.any-sound-recorder.com Software Link: http://www.any-sound-recorder.com/anysoundrecorder.exe Version: 2.93 Tested on: Windows XP...