39001 matches found
Modx Revolution < 2.6.4 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload ...
FTP2FTP 1.0 - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: FTP2FTP 1.0 - Arbitrary File Download Dork: N/A Date: 18.07.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ftp2ftp-server-to-server-file-transfer-php-script/21972395 Version: 1.0...
MyBB New Threads Plugin 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE: CVE-2018-14392 ...
Linux Kernel < 4.14.8 Sign Extension Local Privilege Escalation Exploit
Linux kernel versions prior to 4.14.8 utilize the Berkeley Packet Filter BPF which contains a vulnerability where it may improperly perform signing for an extension. This can be utilized to escalate privileges. The target system must be compiled with BPF support and must not have...
WordPress All In One Favicon 4.6 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin All In One Favicon = 4.6 - Authenticated Multiple XSS Persistent Exploit Author: Javier Olmedo Website: https://hackpuntes.com/ Vendor Homepage: http://www.techotronic.de/ Software Link:...
Open-AudIT Community 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Open-AudIT Community - 2.1.1 - Cross Site Scripting Vulnerability Google Dork:NA Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://opmantek.com/ Software Link:http://dl-openaudit.opmantek.com/OAE-Win-x8664-...
Smart SMS & Email Manager 3.3 - contact_type_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Smart SMS & Email Manager v3.3 - SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/smart-sms-email-manager-ssem/14817919 Version: 3.3 Tested on: Kali linux...
HomeMatic Zentrale CCU2 Unauthenticated Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits Exploit Title: HomeMatic Zentrale CCU2 Unauthenticated RCE Software Link: https://www.homematic.com/ Exploit Author: Kacper Szurek - ESET Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube:...
PrestaShop < 1.6.1.19 - BlowFish ECD Privilege Escalation Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 PrestaShop = 1.6.1.19 Privilege Escalation Charles Fol 2018-07-10 See https://ambionics.io/blog/prestashop-privilege-escalation The condition for this exploit to work is for an employee to have the same password as a...
PrestaShop < 1.6.1.19 - AES CBC Privilege Escalation Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 PrestaShop = 1.6.1.19 AES Rijndael / opensslencrypt Cookie Read Charles Fol See https://ambionics.io/blog/prestashop-privilege-escalation This POC will reveal the content of an employee's cookie. By modifying it one can...
JavaScript Core - Arbitrary Code Execution Exploit
Exploit for multiple platform in category local exploits // Load Int library, thanks saelo! load'util.js'; load'int64.js'; // Helpers to convert from float to in a few random places var conva = new ArrayBuffer8; var convf = new Float64Arrayconva; var convi = new Uint32Arrayconva; var convi8 = new...
Nanopool Claymore Dual Miner APIs Remote Code Execution Exploit
Exploit for multiple platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Nanopool Claymore Dual Miner APIs RCE',...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Vulnerability
Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1....
Linux/x64 - Reverse (::1:1337/TCP) + IPv6 + Password (pwnd) Shellcode (115 bytes)
/ ; Title : Reverse Shell IPv6 with Password - Shellcode ; Author : Hashim Jawad @ihack4falafel ; OS : Linux kali 4.15.0-kali2-amd64 1 SMP Debian 4.15.11-1kali1 2018-03-21 x8664 GNU/Linux ; Arch : x8664 ; Size : 115 bytes section .text global start start: ; int socketint domain, int type, int...
TPLink Archer C60 1.0 Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: UnAuthenticated Remote Code Execution at TP-Link Archer C60 Router Date: 16.07.2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.tp-link.com/ Hardware Link :...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Vulnerability
Exploit for hardware platform in category local exploits Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 buil...
Microsoft Windows #MicrosoftWindows .library-ms Information Disclosure Vulnerability
Library description files are XML files that define libraries. Libraries aggregate items from local and remote storage locations into a single view in Windows Explorer. Library description files follow the Library Description schema and are saved as .library-ms files. The .library-ms filetype...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials Vulnerability
Exploit for hardware platform in category remote exploits Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6...
LinkedIn account bypassed 2-Factor-Authentication Exploit
Exploit can reset any LinkedIn account while bypassing callphone authentication. This is private exploit. You can buy it at https://0day.today...
QNAP #QCenter change_passwd Command Execution Exploit
This Metasploit module exploits a command injection vulnerability in the changepasswd API method within the web interface of QNAP Q'Center virtual appliance versions prior to 1.7.1083. The vulnerability allows the 'admin' privileged user account to execute arbitrary commands as the 'admin'...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Vulnerability
Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1....
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Vulnerability
Exploit for hardware platform in category dos / poc Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6 build...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Vulnerabil
Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Vulnerability
Exploit for hardware platform in category web applications Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160 IPn4Gb 1.1.6...
Wordpress Job Manager 4.1.0 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Job Manager v4.1.0 Stored Cross Site Scripting Google Dork: N/A Date: 2018-07-15 Exploit Author: Berk Dusunur & Selimcan Ozdemir Vendor Homepage: https://wpjobmanager.com Software Link:...
Linux/ARM - Bind (/TCP) Shell Shellcode (104 bytes)
/ Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the...
VelotiSmart WiFi B-380 Camera - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Title: Vulnerability in VelotiSmart Wifi - Directory Traversal Date: 12-07-2018 Scope: Directory Traversal Platforms: Unix Author: Miguel Mendez Z Vendor: VelotiSmart Version: B380 CVE: CVE-2018–14064 Vulnerability description...
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor ============= www.microsoft Product =========== Enterprise Mode Site List Manager versions1/2 You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain...
Fortify Software Security Center (SSC) 17.x/18.1 - XML External Entity Injection Vulnerability
Exploit for java platform in category web applications Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at...
macOS / iOS - JavaScript Injection Bug in OfficeImporter Exploit
Exploit for multiple platform in category dos / poc QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code usi...
Linux Ubuntu - Other Users coredumps can be read via setgid Directory and killpriv Bypass Exploit
Exploit for linux platform in category dos / poc / Note: I am both sending this bug report to email protected and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to each other to determine the best place to fix...
Linux #Ubuntu Coredump Reading Access Bypass Vulnerability
Linux/Ubuntu suffers from a vulnerability where other users' coredumps can be read via a setgid directory and killpriv bypass. Linux/Ubuntu: other users' coredumps can be read via setgid directory and killpriv bypass Note: I am both sending this bug report to email protected and filing it in the...
Apache #Hadoop YARN ResourceManager Unauthenticated Command Execution Exploit
This Metasploit module exploits an unauthenticated command execution vulnerability in Apache Hadoop through ResourceManager REST API. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Hadoop YARN...
Apache #CouchDB Arbitrary Command Execution Exploit
CouchDB administrative users can configure the database server via HTTPS. Some of the configuration options include paths for operating system-level binaries that are subsequently launched by CouchDB. This allows an admin user in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to execute arbitra...
phpMyAdmin Authenticated Remote Code Execution Exploit
phpMyAdmin v4.8.0 and v4.8.1 are vulnerable to local file inclusion, which can be exploited post-authentication to execute PHP code by application. The module has been tested with phpMyAdmin v4.8.1. This module requires Metasploit: https://metasploit.com/download Current source:...
OpenConext-EngineBlock 5.7.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications XSS vulnerabilities were found in multiple pages that allows an attacker to inject arbitrary web scripts. The Twig PHP extension configuration was not sanitizing user input before display it to the user. Issues fixed in version 5.7.4 and 5.8.0...
Chrome V8 KeyAccumulator Bug Exploit
Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash. Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of th...
Microsoft Windows #MicrosoftWindows POP/MOV SS Local Privilege Elevation Exploit
This Metasploit module exploits a vulnerability in a statement in the system programming guide of the Intel 64 and IA-32 architectures software developer's manual being mishandled in various operating system kernels, resulting in unexpected behavior for DB exceptions that are deferred by MOV SS o...
Zeta Producer Desktop CMS 14.2.0 Code Execution / File Disclosure Vulnerabilities
Zeta Producer Desktop CMS versions 14.2.0 and below suffers from code execution and file disclosure vulnerabilities. ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable version:...
Grundig Smart [email protected] 3.0 - Cross-Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Grundig Smart email protected 3.0 - Cross-Site Request Forgery Exploit Author: Ahmethan-Gultekin - t4rkd3vilz Vendor Homepage: https://www.grundig.com/ Software Link: https://play.google.com/store/apps/details?id=arcelik...
ISS For Business 14.0.1400.2029 Blue Screen Of Death Vulnerability
In MicroWorld eScan Internet Security Suite ISS for Business version 14.0.1400.2029, the driver econceal.sys allows a non-privileged user to send a 0x830020E0 IOCTL request to \.\econceal to cause a denial of service BSOD. ===== Tempest Security Intelligence - ADV-24/2018 === eScan ISS for...
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow Exploit
Exploit for windows platform in category dos / poc 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackL...
#ManageEngine Exchange Reporter Plus Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a remote code execution vulnerability that exists in Exchange Reporter Plus versions 5310 and below, caused by execution of bcp.exe file inside ADSHACluster servlet This module requires Metasploit: https://metasploit.com/download Current source:...
QNAP Qcenter Virtual Appliance 1.6.x Information Disclosure / Command Injection Vulnerabilities
QNAP Qcenter Virtual Appliance versions 1.6.1056 20170825 and 1.6.1075 20171123 suffer from information disclosure and command injection vulnerabilities. QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. Advisory Information Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities...
MonstraCMS Authenticated Arbitrary File Upload Exploit
Monstra CMS 3.0.4 allows users to upload arbitrary files which leads to remote command execution on the remote server. An attacker may choose to upload a file containing PHP code and run this code by accessing the resulting PHP file. This Metasploit module was tested against Monstra CMS 3.0.4. Th...
Linux Kernel < 4.13.9 (Ubuntu 16.04/Fedora 27) - Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits / Credit @bleidl, this is a slight modification to his original POC https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c For details on how the exploit works, please visit...
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions Exploit
Exploit for windows platform in category dos / poc / Here's a PoC: / function optstr for let i = 0; i .var s9.var = LdSlot s32s18l53.var s7.var = LdSlot s20s18l51.var s8.var = LdSlot s19s18l52.var s1Object.var = LdA 0x7FFFF47A0000 GlobalObjectObject.var s2.var = LdCAI4 0 0x0.i32 s3.var = LdCAI4 2...
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read Exploit
Exploit for windows platform in category dos / poc / BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual function. The problem is, it...
WAGO e!DISPLAY 7300T XSS / File Upload / Code Execution Vulnerabilities
WAGO e!DISPLAY 7300T WP 4.3 480x272 PIO1 version FW 01 - 01.01.1001 suffer from code execution, cross site scripting, weak permission, and remote file upload vulnerabilities. ======================================================================= title: Remote code execution via multiple attack...
Dicoogle PACS 2.5.0 - Directory Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal Software Link: http://www.dicoogle.com/home Version: Dicoogle PACS 2.5.0-201712291522 Category: webapps Tested on: Windows 2012 R2 Exploit Author: Carlos Avila Contact:...