39001 matches found
Navigate CMS 2.8 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Title: Navigate CMS 2.8 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Vendor: https://www.navigatecms.com/en/home Software: Navigate CMS 2.8 CVE: CVE-2018-17255 Technical Details & Description: A Reflected Cross-Site Scripting web...
Joomla Auction Factory 4.5.5 Component - filter_order SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Auction Factory 4.5.5 - 'filterorder' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://thephpfactory.com/ Software Link:...
Linux/ARM - sigaction() Based Egghunter (PWN!) + execve Shellcode (52 Bytes)
/ Title: Linux/ARM - sigaction Based Egghunter PWN! + execve"/bin/sh", NULL, NULL Shellcode 52 Bytes Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Information pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux...
Collectric CMU 1.0 - lang SQL injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About...
WebRTC - FEC Out-of-Bounds Read Exploit
Exploit for multiple platform in category dos / poc There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer. This bug causes the following ASAN crash: ==109993==ERROR:...
WebRTC - VP9 Processing Use-After-Free Exploit
Exploit for multiple platform in category dos / poc There is a use-after-free in VP9 processing in WebRTC. In the method RtpFrameReferenceFinder::ManageFrameVp9 the following code occurs: auto gofinfoit = gofinfo.findcodecheader.temporalidx == 0 ? codecheader.tl0picidx - 1 : codecheader.tl0picidx...
Microsoft Windows ALPC Task Scheduler Local Privilege Elevation Exploit
On vulnerable versions of Windows the alpc endpoint method SchRpcSetSecurity implemented by the task scheduler service can be used to write arbitrary DACLs to .job files located in c:\windows\tasks because the scheduler does not use impersonation when checking this location. Since users can creat...
WordPress FV Flowplayer 7.2.0.727 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Reflected XSS in FV Flowplayer Wordpress plugin ================================================================ Author: Janek Vind "waraxe" Date: 20. September 2018 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-107.html Target...
Antidote 9.5.1 Code Execution Exploit
CVE-2018-13140 Antidote Remote Code Execution against the update component Description Antidote is a spell checker software for Windows, Linux macOS operating system. Threat The application is affected by a remote code execution against the update component. It leads to code execution with high...
MyBB Visual Editor 1.8.18 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications + Title: MyBB Visual Editor Stored XSS YLOADhttp://victim.com/video 4- Post the thread. While victim user replying your post, his browser will run JavaScript. Vulnerable pages: editpost.php newreply.php private.php and all Visual Editor embedd...
Staubli Jacquard Industrial System JC6 Shellshock Vulnerability
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Exploit Author: t4rkd3vilz Vendor Homepage:...
HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write Vulnerabilities
Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are...
mgetty 1.2.0 Buffer Overflow / Privilege Escalation Vulnerabilities
mgetty version 1.2.0 suffers from buffer overflow, code execution, and various other privilege escalation related vulnerabilities. Multiple Vulnerabilities in mgetty ================================== Overview - -------- Confirmed Affected Versions: 1.2.0 Patched Versions: 1.2.1 Vendor: mgetty...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: NICO-FTP 3.0.1.19 - Buffer Overflow SEH Author: Abdullah Alıç Software link: https://en.softonic.com/download/nico-ftp/windows/post-download Tested Version: 3.0.1.19 Vulnerability Type: Buffer Overflow SEH Tested on OS: Window...
ManageEngine SupportCenter Plus 8.1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine SupportCenter Plus 8.1.0 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/support-center/ Software ...
ManageEngine Desktop Central 10.0.271 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine Desktop Central 10 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/desktop-central/ Software : ZOHO Corp...
LimeSurvey 3.14.7 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: LimeSurvey 3.14.7 - HTML Injection and Stored XSS Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.limesurvey.org/ Software Link : https://github.com/LimeSurvey/LimeSurvey Software : LimeSurvey 3.14.7 Product Version...
Telegram Desktop 1.3.14 denial of service Vulnerability
Exploit for linux platform in category dos / poc Telegram Desktop aka tdesktop 1.3.14 might allow attackers to cause a denial of service assertion failure and application exit via an "Edit color palette" search that triggers an "index out of range" condition. NOTE: this issue is disputed by...
Linux/x86 - Egghunter + sigaction-based Shellcode (27 bytes)
/ Title: Linux/x86 - Egghunter + sigaction-based Shellcode 27 bytes Author:Valbrux This exploit is a dirty-slow but small version of the sigaction-based egg hunter shellcode global start section .text ;zeroing ecx xor ecx,ecx start: ;increment inc ecx ;sigaction syscall number push byte 67 pop ea...
Moodle 3.x PHP Unserialize Remote Code Execution Exploit
Exploit for php platform in category web applications ======================================================================= title: Remote Code Execution via PHP unserialize product: Moodle - Open-source learning platform vulnerable version: 3.5 to 3.5.1, 3.4 to 3.4.4, 3.1 to 3.1.13 and earlier...
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege Exploit
Exploit for windows platform in category dos / poc Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correctly handle pre-defined keys...
WesternDigital #MyCloud Authentication Bypass Vulnerability
It was discovered that the Western Digital My Cloud is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the My Cloud device. This...
Microsoft Windows - CiSetFileCache WDAC Security Feature Bypass TOCTOU Exploit
Exploit for windows platform in category dos / poc Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against cache signing has been...
WordPress Wechat Broadcast 1.2.0 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: N/A Description This bug was found in the file:...
LG SuperSign EZ CMS 2.5 - Local File Inclusion Vulnerability
Exploit for hardware platform in category web applications Exploit Title: LG SuperSign EZ CMS 2.5 - Local File Inclusion Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com/ar/software-lg-supersign Version: SuperSign EZ CMS Tested on: Web OS 4.0 CVE : CVE-2018-16288 More info:...
WordPress Localize My Post 1.0 Plugin - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: N/A DESCRIPTION This bug was found in the file:...
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Vulnerability
Exploit for linux platform in category web applications Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Exploit Author: Fahimeh Rezaei Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters Software Link:...
Radan-http service for Linux remote code execute Exploit
Injection into a web application Hack all servers have webapp open port 8088 Ok so the web application attack has 2 steps. 1: Create a new application done with post request to /newappication, 2: Now once we done that we can execute commands inside of it. Usage Info 1 You need to scan ip list wit...
TeamViewer App 13.0.100.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: TeamViewer App 13.0.100.0 - Denial of Service PoC Exploit Author: Ali Alipour WebSite: http://Alipour.it Vendor Homepage: https://www.teamviewer.com Software Link...
Infiltrator Network Security Scanner 4.6 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Infiltrator Network Security Scanner 4.6 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: https://www.infiltration-systems.com/download.shtml Tested Version: 4.6 Tested on OS: Windows 7 32-bit Steps to Reproduc...
Clone2Go Video to iPod Converter 2.5.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Clone2Go Video to iPod Converter 2.5.0 - Denial of Service PoC Exploit Author: ZwX Vendor Homepage : http://www.clone2go.com/ Software Link: http://www.clone2go.com/down/video-to-ipod-setup.exe Tested on OS: Windows 7 Proof of...
WordPress Arigato Autoresponder And Newsletter 2.5 SQL Injection / XSS Vulnerabilities
Exploit for php platform in category web applications Title: Blind SQL injection and multiple reflected XSS vulnerabilities in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5 Author: Larry W. Cashdollar, @larry0 Date: 2018-08-22...
Apple macOS 10.13.4 - Denial of Service Exploit
Exploit for macOS platform in category dos / poc Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE : CVE-2018-4240 2018 P...
InfraRecorder 0.53 - (.txt) Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: InfraRecorder 0.53 - '.txt' Denial of Service PoC Exploit Author: Gionathan "John" Reale Version: version 0.53 Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download Tested on: Windows 7...
CA Release Automation NiMi 6.5 - Remote Command Execution Exploit
Exploit Title: CA Release Automation NiMi 6.5 - Remote Command Execution Exploit Authors: Jakub Palaczynski, Maciej Grabiec Vendor Homepage: http://www.ca.com/ Software Link: https://docops.ca.com/ca-release-automation/5-5-2/en/installation/deploy-agents/ Version: CA Release Automation NiMi 5.X,...
XAMPP Control Panel 3.2.2 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit
Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on: Windows, Microsoft...
CdBurnerXP 4.5.8.6795 - File Name Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: CdBurnerXP 4.5.8.6795 - 'File Name' Denial of Service PoC Discovery by: Alan Baeza Vendor Homepage: https://cdburnerxp.se/ Software Link: https://cdburnerxp.se/downloadsetup.exe Tested Version: 4.5.8.6795 Tested on OS : Windows 10...
Solaris libnspr NSPR_LOG_FILE Privilege Escalation Exploit
This Metasploit module exploits an arbitrary file write vulnerability in the Netscape Portable Runtime library libnspr on unpatched Solaris systems prior to Solaris 10u3 which allows users to gain root privileges. libnspr versions prior to 4.6.3 allow users to specify a log file with the...
NUUO NVRMini2 3.8 - cgi_system Buffer Overflow (Enable Telnet) Exploit
Exploit Title: NUUO NVRMini2 3.8 - 'cgisystem' Buffer Overflow Enable Telnet Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2 Versions: 3.8.0 and below Tested Against: 03.07.0000.0011 and 03.08.0000.000...
jiNa OCR Image to Text 1.0 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: jiNa OCR Image to Text 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: http://www.convertimagetotext.net/downloadsoftware.php Tested Version: 1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the...
RoboImport 1.2.0.72 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: RoboImport 1.2.0.72 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: http://www.picajet.com/download/RoboImportInstall.exe Tested Version: 1.2.0.72 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the...
PixGPS 1.1.8 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: PixGPS 1.1.8 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: http://www.br-software.com/pixgps11setup.exe Tested Version: 1.1.8 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script,...
Microsoft Edge Chakra JIT localeCompare Type Confusion Exploit
Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: Type confusion with localeCompare CVE-2018-8355 A call to the String.prototype.localeCompare method can be inlineed when it only takes one argument. There are two versions of String.prototype.localeCompare, one 1 is...
iCash 7.6.5 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: iCash 7.6.5 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: https://www.maxprog.com/site/misc/downloadsus.php Tested Version: 7.6.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
Linux/ARM - Jump Back Shellcode + execve("/bin/sh", NULL, NULL) Shellcode (4 Bytes)
/ Title: Linux/ARM - Jump Back Shellcode + execve"/bin/sh", NULL, NULL Shellcode 4 Bytes Author: Ken Kitahara Tested: armv7l Raspberry Pi 3 Model B+ System Information pi@raspberrypi: $ uname -a Linux raspberrypi 4.14.52-v7+ 1123 SMP Wed Jun 27 17:35:49 BST 2018 armv7l GNU/Linux pi@raspberrypi: $...
Faleemi Plus 1.0.2 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Faleemi Plus 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: http://support.faleemi.com/fsc776/FaleemiPlusv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the python...
Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion Exploit
Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: Type confusion with PathTypeHandlerBase::SetAttributesHelper CVE-2018-8384 Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType =...
PicaJet FX 2.6.5 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: PicaJet FX 2.6.5 - Denial of Service PoC Author: Gionathan "John" Reale Software Link: http://www.picajet.com/download/PicaJetFXInstall.exe Tested Version: 2.6.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...
Notebook Pro 2.0 - Denial Of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title : Notebook Pro 2.0 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : http://Alipour.it Vendor Homepage : http://www.stokedonit.com/apps/notebook-pro/ Software Link Download :...