39001 matches found
WAGO 750-881 01.09.18 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting Exploit Author: SecuNinja @secuninja Vendor Homepage: wago.com Version: 01.09.1813 and earlier Affected Products: Ethernet Controller 750-881 - 01.09.1813, 01.08.01 10 CVE : N/A...
ERegistrasi Pencak Silat 18.10 - id_partai SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: E-Registrasi Pencak Silat 18.10 - 'idpartai' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/ Software Link:...
Wikidforum 2.20 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Venodor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL...
CentOS Web Panel 0.9.8.480 Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Centos Web Panel 0.9.8.480 Multiple Vulnerabilities Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/system-requiremen...
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection Vulnerability
Exploit for windows platform in category web applications...
Responsive Filemanager 9.8.1 Authentication Bypass Vulnerability
Exploit for php platform in category web applications I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Authentication Bypass II. CVE REFERENCE ------------------------- CVE-2018-18061 III. VENDOR ------------------------- https://www.responsivefilemanager.com IV. REFERENCES...
ghostscript - executeonly Bypass with errorhandler Setup Exploit
Exploit for linux platform in category local exploits While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...
NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass Vulnerabilities
NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities. ===== Tempest Security Intelligence ===================================== Multiple vulnerabilities in NPLUG wireless repeater CVE-2018-12455:...
Ektron CMS 9.20 SP2 - Improper Access Restrictions Vulnerability
Exploit for asp platform in category web applications Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
jQuery-File-Upload 9.22.0 Arbitrary File Upload Vulnerability
jQuery-File-Upload versions 9.22.0 and below suffer from an unauthenticated arbitrary file upload vulnerability that allows for remote command execution. Title: jQuery-File-Upload 0day.today 2018-10-11...
XMeye P2P Cloud Remote Code Execution / Integrity Issues Vulnerabilities
XMeye P2P Cloud used with Xiongmai IP Cameras, NVRs and DVRs suffer from predictable Cloud IDs, default admin password, and various other issues that can result in remote code execution. ======================================================================= title: Remote Code Execution via XMeye...
MicroTik RouterOS < 6.43rc3 - Remote Root Exploit
/ Exploit Title: RouterOS Remote Rooting Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By the Way is an...
Microsoft Edge Chakra JIT - BailOutOnInvalidatedArrayHeadSegment Check Bypass Exploit
Exploit for windows platform in category dos / poc / The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check which means that no bailout...
FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation Exploit
Exploit for hardware platform in category web applications !/usr/bin/env python -- coding: utf-8 -- FLIR Systems FLIR Thermal Traffic Cameras Websocket Device Manipulation Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected firmware version: V1.01-0bb5b27 TrafiOne Codename:...
Free MP3 CD Ripper 2.8 - .wma Buffer Overflow (SEH) (DEP Bypass) Exploit
Exploit for windows platform in category local exploits Exploit Title: Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow SEH DEP Bypass Exploit Author: Matteo Malvica Vendor: Cleanersoft Software Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested...
WhatsApp - RTP Processing Heap Corruption Exploit
Exploit for Android platform in category dos / poc Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet. 08-31 15:43:50.721 9428 9713 F libc : Fatal signal 11 SIGSEGV, code 1, fault addr 0x7104200000 in tid 9713 Thread-11 08-31 15:43:50.722 382 382 W :...
Sitepress Multilingual 3.6.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications FULL DISCLOSURE Product : Sitepress Multilingual CMS Plugin Exploit Author : Rahul Pratap Singh Version : 3.6.3 and Below Home page Link : https://wpml.org/ Website: https://0x62626262.wordpress.com Date : 08/10/2018 Unauthenticated Stored XSS...
Responsive Filemanager 9.8.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications I. VULNERABILITY ------------------------- Responsive Filemanager 9.8.1 Reflected Cross Site Scripting XSS II. CVE REFERENCE ------------------------- CVE-2018-18062 III. VENDOR ------------------------- https://www.responsivefilemanager.com I...
Virtualmin 6.03 Multiple Vulnerabilities
Exploit for cgi platform in category web applications Exploit Title: Virtualmin 6.03 Multiple Vulnerabilities Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://www.virtualmin.com/ Software Link: https://www.virtualmin.com/download.html Version: 6.03...
Microsoft Edge Chakra JIT - Type Confusion Exploit
Exploit for windows platform in category dos / poc / The switch statement only handles Js::TypeIdsArray but not Js::TypeIdsNativeIntArray and Js::TypeIdsNativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances where...
FileZilla 3.33 - Buffer Overflow Exploit
Exploit for linux platform in category dos / poc Exploit Title: FileZilla 3.33 Buffer-Overflow PoC Author: Kağan Çapar Discovery Date: 2018-10-10 Software Link: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/filezilla/3.33.0-1/filezilla3.33.0-1.debian.tar.xz Vendor Homepage :...
Wikidforum 2.20 Multiple SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wikidforum 2.20 Multiple SQL Injection Vulnerability Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Android - sdcardfs Changes current->fs Without Proper Locking Exploit
Exploit for Android platform in category dos / poc Tested on a Pixel 2 walleye: ro.build.abupdate: true ro.build.characteristics: nosdcard ro.build.date: Mon Jun 4 22:10:18 UTC 2018 ro.build.date.utc: 1528150218 ro.build.description: walleye-user 8.1.0 OPM2.171026.006.G1 4820017 release-keys...
Linux Kernel - Pointer Leak via BPF Exploit
Exploit for linux platform in category dos / poc / Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if...
net-snmp 5.7.3 - Unauthenticated Denial of Service Exploit
Exploit for linux platform in category dos / poc Exploit Title: net-snmp 5.7.3 - Unauthenticated Denial of Service PoC Exploit Author: Magnus Klaaborg Stubman Website: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos Vendor Homepage: http://www.net-snmp.org/ Software Link:...
ifwatchd Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts,...
Imperva SecureSphere 13 - Remote Command Execution Exploit
Exploit for linux platform in category web applications Title: Imperva SecureSphere 13 - Remote Command Execution Author: rsp3ar Vendor: https://www.imperva.com/products/securesphere/ CVE: N/A Version: 13.0.10, 13.1.10, 13.2.10 Tested on: SecureSphere Virtual Appliance Description PWS is a...
net-snmp 5.7.3 - Authenticated Denial of Service Exploit
Exploit for linux platform in category dos / poc / | | | / / | | -| || -| | | . | ||/ ||||| ||||||| | || 2018-10-08 NET-SNMP REMOTE DOS =================== Second bug is remotely exploitable only with knowledge of the community string in this case "public" leading to Denial of Service: echo -n...
360 3.5.0.1033 - Sandbox Escape Exploit
Exploit for windows platform in category local exploits Exploit Title: 360 3.5.0.1033 - Sandbox Escape Exploit Author: vrsystem Vendor Homepage: https://www.360.cn/ Software Link: https://dl.360safe.com/360/inst.exe Version: 3.5.0.1033 Tested on: 3.5.0.1033 CVE : None 1、CMDtest.py import os...
Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow Exploit
This Metasploit module exploits a stack based buffer overflow in Delta Electronics Delta Industrial Automation COMMGR 1.08. The vulnerability exists in COMMGR.exe when handling specially crafted packets. This Metasploit module has been tested successfully on Delta Electronics Delta Industrial...
Linux Kernel < 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation Exp
Exploit for linux platform in category local exploits / CVE-2017-11176: "mqnotify: double sockput" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target, it requires...
Git Submodule - Arbitrary Code Execution Vulnerability
Exploit for linux platform in category local exploits These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git...
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution Exploit
Cisco Prime Infrastructure CPI contains two basic flaws that when exploited allow an unauthenticated attacker to achieve remote code execution. The first flaw is a file upload vulnerability that allows the attacker to upload and execute files as the Apache Tomcat user; the second is a privilege...
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
/ Linux/MIPS Big Endian - execve/bin/sh + Reverse TCP 192.168.2.157/31337 Shellcode 181 bytes Author: cq674350529 - execve'/bin/sh', tcp - 192.168.2.157/31337 - used in HTTP Request - tested on D-Link dir-850l router, avoid bad chars '\x00', '\x20', '\x23', '\x0d\x0a' - based on rigan's shellcode...
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Title: Linux/x86 - execve/bin/sh + MMX/ROT13/XOR Shellcode Encoder/Decoder 104 bytes Author: Kartik Durg Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-up Link: https://iamroot.blog/2018/10/02/0x4-rot13xorencodermmxdecodershellcode-linux-x86/ Tested on: Ubuntu 16.0.4.1 i686...
Navigate CMS - Unauthenticated Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
Chamilo LMS 1.11.8 - firstname Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version:...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic Vendor: https://www.flir.com Link: https://www.flir.com/security/best-practices-for-cybersecurity/ CVE: N/A Tested on:...
Windows Net-NTLMv2 Reflection DCOM/RPC Exploit
This Metasploit module utilizes the Net-NTLMv2 reflection between DCOM/RPC to achieve a SYSTEM handle for elevation of privilege. Currently the module does not spawn as SYSTEM, however once achieving a shell, one can easily use incognito to impersonate the token. This module requires Metasploit:...
Unitrends UEB HTTP API Remote Code Execution Exploit
It was discovered that the api/storage web interface in Unitrends Backup UB before 10.0.0 has an issue in which one of its input parameters was not validated. A remote attacker could use this flaw to bypass authentication and execute arbitrary commands with root privilege on the target system. UE...
Claromentis Discuss 1.2.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Issue: Stored Cross site Scripting XSS on Discuss Module v1.2.1 in Claromentis intranet application Reserved CVE: CVE-2018-15903 Vulnerability OverviewThe Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to Stored Cross Site Scripting...
Chamilo LMS 1.11.8 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5...
Chrome OS /sbin/crash_reporter Symlink Traversal Vulnerability
Exploit for windows platform in category dos / poc Chrome OS: symlink traversal issue in /sbin/crashreporter Tested on: Version 69.0.3473.0 Official Build dev 64-bit CreateDirectoryWithSettings in https://chromium.googlesource.com/chromiumos/platform2/+/master/crash-reporter/crashcollector.cc107 ...
Photo Nettoyeur 1.4.5 Insecure File Permission Vulnerability
Exploit for windows platform in category local exploits i?-------------------------------------------------------- Exploit Title: Photo Nettoyeur 1.4.5 - Insecure File Permission Exploit Author : ZwX Vendor Homepage : http://www.marseillesoft.com/ Link Software :...
D-Link Central WiFiManager Software Controller Code Execution / XSS Exploit
D-Link Central WiFiManager Software Controller suffers from hard-coded credential, code execution, and cross site scripting vulnerabilities. Version 1.03 is affected. D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager...
ISPConfig < 3.1.13 Remote Command Execution Exploit
ISPConfig versions prior to 3.1.13 remote command execution exploit. Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin) Vulnerabilities
Exploit for hardware platform in category web applications Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery Add Admin Author: Cakes Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK...
WordPress Pie Register 3.0.15 Cross Site Scripting Vulnerability
WordPress Pie Register plugin version 3.0.15 suffers from a cross site scripting vulnerability. ===================================================================================== Pie Register v3.0.15 WordPress Plugin - Cross-Site Scripting Vulnerability in Login...
Easy File Sharing Web Server 7.2 - Domain Name Buffer Overflow Exploit
Exploit for windows platform in category local exploits -------------------------------------------------------- Exploit Title: Easy File Sharing Web Server 7.2 - 'Domain Name' Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-09-19 Vendor Homepage : http://www.sharing-file.com/ Lin...