39001 matches found
Nagios XI Chained Remote Code Execution Exploit
This Metasploit module exploits a few different vulnerabilities in Nagios XI 5.2.6-5.4.12 to gain remote root access. The steps are: 1. Issue a POST request to /nagiosql/admin/settings.php which sets the database user to root. 2. SQLi on /nagiosql/admin/helpedit.php allows us to enumerate API key...
FTPShell Client 6.70 Enterprise Edition Stack Buffer Overflow Exploit
This Metasploit module exploits a buffer overflow in the FTPShell client 6.70 Enterprise edition allowing remote code execution. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FTPShell client...
TP-Link TL-WR841N V13 Command Injection Vulnerability
Exploit for hardware platform in category web applications Vulnerability: Authenticated Blind Command Injection Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Patched Version: None Overview The ping and traceroute functionalities allow for OS...
TP-Link TL-WR841N V13 Insecure Direct Object Reference Vulnerability
Exploit for hardware platform in category web applications Vulnerability: Broken Authentication Affected Software: TP-Link TL-WR841N v13 Affected Version: 0.9.1 4.16 v0001.0 Build 171019 Rel.55346n Patched Version: 0.9.1 4.16 v0001.0 Build 180119 Rel.65243n Overview An attacker that can send HTTP...
Cisco Adaptive Security Appliance - Path Traversal Exploit
Exploit for hardware platform in category web applications ''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques...
Polaris Office 2017 8.1 Remote Code Execution Exploit
Polaris Office 2017 version 8.1 allows attackers to execute arbitrary code via a trojan horse "puiframeworkproresenu.dll" file in the current working directory, due to a search order flaw vulnerability. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category: Hardware Exploit...
HongCMS 3.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HongCMS 3.0.0 - SQL Injection Google Dork: if applicable Exploit Author: Hzllaga Vendor Homepage: https://github.com/Neeke/HongCMS/ Software Link: https://github.com/Neeke/HongCMS/ Version: 3.0.0 Tested on: php5.4 mysql5 CVE :...
hycus CMS 1.0.4 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass Exploit Author: Berk Dusunur Vendor Homepage: http://www.hycus.com/ Software Link: http://demosite.center/hycus/ Version: 1.0.4 Tested on: Pardus / Debian Web Server CVE :...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/ Version: BEESC...
HPE VAN SDN 2.7.18.0503 - Unauthenticated Remote Root Exploit
Exploit for linux platform in category web applications ''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.2...
Wordpress < 4.9.6 - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress = 4.9.6 Arbitrary File Deletion Vulnerability Date: 2018-06-27 Exploit Author: VulnSpy Vendor Homepage: http://www.wordpress.org Software Link: http://www.wordpress.org/download Version: = 4.9.6 Tested on: php7 mysql5...
Quest KACE Systems Management - Command Injection Exploit
Exploit for unix platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Quest KACE Systems Management Command Injection', 'Description' = %q This module exploits a...
Liferay Portal < 7.0.4 - Server-Side Request Forgery Vulnerability
Exploit for java platform in category web applications 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686 0day.today 2018-06-26...
WordPress Advanced Order Export For #WooCommerce CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Affected Version: 1.5.4 and before Category: Plugi...
PoDoFo 0.9.5 - Buffer Overflow Vulnerability
Exploit for irix platform in category dos / poc Exploit Title: PoDoFo 0.9.5 - Stack-Based Buffer Overflow PoC Software Link: https://sourceforge.net/projects/podofo/ Vuln Version: 0.9.5 CVE: cve-2018-8002 Vulnerability Details: https://bugzilla.redhat.com/showbug.cgi?id=1548930 Exploit Author:...
AsusWRT #RTAC750GF - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Exploit Author: Wadeek Vendor Homepage: https://www.asus.com/ Firmware Link:...
Intex Router N-150 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Intex Router N-150 - Cross-Site Request Forgery Add Admin Exploit Author: Navina Asrani Version: N-150 Category: Router Firmware 1. Description The firmware allows malicious request to be executed without verifying source...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Wordpress Advanced Order Export For WooCommerce Plugin < 1.5.4 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/woo-order-export-lite/ Affected Version: 1.5.4 and before Category: Plugi...
DIGISOL DG-BR4000NG - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit title: Ecessa WANWorx WVR-30 input type="hidden" name="userusername1" value=...
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24...
Wordpress Comments Import & Export Plugin < 2.0.4 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugi...
Foxit Reader 9.0.1.1049 - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
KVM (Nested Virtualization) - L1 Guest Privilege Escalation Vulnerability
Exploit for linux platform in category dos / poc When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is...
Travel Agency 1.1 - cid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Travel Agency 1.1 - 'cid' SQL Injection Exploit Author: Ashkan Moghaddas Vulnerable Page: /add.city.php Vulnerable Source: Line20:ifisset$GET'action' && $GET'action' == 'del' Line21:$delete = mysqlquery"DELETE FROM destination...
DIGISOL DG-BR4000NG - Buffer Overflow Vulnerability
Exploit for hardware platform in category web applications Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Vendor Homepage† http://www.digisol.com Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router...
WordPress iThemes Security Plugin < 7.0.3 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin iThemes Securitybetter-wp-security = 7.0.2 - Authenticated SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link:...
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution Vulnerability
Exploit for linux platform in category remote exploits Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Vendor KB: https://support.emc.com/kb/521234 Github:...
phpMyAdmin 4.8.1 Code Execution / Local File Inclusion Vulnerabilities
Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0...
Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution Vulnerability
Exploit for linux platform in category local exploits Exploit Title: Dell EMC RecoverPoint &2 email protected:/ id uid=0root gid=0root groups=0root email protected:/ 0day.today 2018-06-22...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion Vulnerability
Exploit for php platform in category web applications The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip The problem appears in /index.php Find 5563 lines Line 61 contains include $REQUEST'target'; This is obviously LFI precursor, as long ...
Opencart < 3.0.2.0 - Denial of Service Exploit
Exploit for php platform in category dos / poc !/usr/bin/perl -w Opencart https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Tested store with added more than 1000 products email protected cartkiller torsocks perl killcart.pl example.com Opencart = 3.0.2.0 googlesitemap Remote Deni...
GreenCMS 2.3.0603 - Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information Exploit Author: vrsystem Vendor Homepage: https://github.com/GreenCMS/GreenCMS/ Software Link: https://github.com/GreenCMS/GreenCMS/ Version: GreenCMS 2.3.0603 Tested on:...
phpLDAPadmin 1.2.2 LDAP Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: phpLDAPadmin 1.2.2 - 'serverid' LDAP Injection Username Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Version: 1.2.2 Tested on: Pardus / Debi...
QEMU Guest Agent 2.12.50 - Denial of Service Vulnerability
Exploit for linux platform in category dos / poc Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50 CVE :...
VideoInsight WebClient 5 - SQL Injection Vulnerability
Exploit for windows platform in category web applications Title: VideoInsight WebClient 5 - SQL Injection Author: vosec Vendor Homepage: https://www.security.us.panasonic.com/ Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/ Version: 5 Tested on: Windows...
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure Exploit
Exploit for multiple platform in category web applications require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link:...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: users can be added arbitrarily. Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html...
MaDDash 2.0.2 - Directory Listing Vulnerability
Exploit for java platform in category local exploits Exploit Title: MaDDash 2.0.2 - Directory Listing Vendor: perfSONAR Download Link: https://github.com/esnet/maddash/archive/master.zip Version: 2.0.2 Exploit Author: ManhNho CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525...
Mirasys DVMS Workstation 5.12.6 - Path Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6 0day.today 2018-06-20...
Windows 10 - #Windows10 Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Exploit for windows platform in category dos / poc Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as...
TP-Link TL-WA850RE - Remote Command Execution Exploit
Exploit for hardware platform in category web applications !/usr/bin/env python Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution Date: 19/06/2018 Exploit Author: yoresongo - Advisability S.A.S Colombia www.advisability.co Vendor Homepage:...
Apache CouchDB < 2.1.0 - Remote Code Execution Exploit
Exploit for linux platform in category web applications Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1....
NewMark CMS 2.1 - sec_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: NewMark CMS 2.1 - SQL Injection secid Google Dork: /catalog/?sectid= Exploit Author: Berk Dusunur Vendor Homepage: https://nmark.ru/ Software Link: https://nmark.ru/razrabotka/korporativniy-sayt/ Version: v2.1 Tested on: Pardus...
Windows 10 - #Windows10 Desktop Bridge Virtual Registry Incomplete Fix Privilege Escalation
Exploit for windows platform in category dos / poc Windows: Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual registry for desktop bridge applications can...
ntp 4.2.8p11 - Local Buffer Overflow (PoC) Vulnerability
Exploit for linux platform in category dos / poc Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11 CVE :...