39001 matches found
Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service Exploit
Exploit for linux platform in category dos / poc Title: Gnome Web/Epiphany Browser libephymain.so in GNOME WEB/Epiphany PoC: b1tch3z = window.open"https://www.google.com", "bl1ngbl1ng", "width=250,height=250"; b1tch3z.document.write"ua b1tch3z"; // https://github.com/undergroundagency //...
Monstra CMS < 3.0.4 - Cross-Site Scripting Exploit
Exploit for php platform in category web applications Title: Monstra CMS www.target.com' url = input'Target : ' print' Required admin's PHPSESSID.' PHPSESSID = input'PHPSESSID : ' pagename = input'Pagename : ' script = input'Script : ' target = 'http://' + url +...
WordPress Form Maker Plugin 1.12.24 - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update released The...
Ftp Server 1.32 - Credential Disclosure Vulnerability
Exploit for Android platform in category local exploits Exploit Title: Ftp Server 1.32 - Credential Disclosure Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobile...
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Product: =========== OfficeScan XG v11.0 OfficeScan protects enterprise networks from malware, network viruses, web-based threats, spyware, and mixed threat attacks. An integrated solution, OfficeScan...
Microsoft Windows 10 #MicrosoftWindows #Windows10 scrrun.dll Active-X Creation / Deletion Issues
Exploit for windows platform in category dos / poc Title: Windows 10 'scrrun.dll' Multiple vulnerabilities Author: Nassim Asrir Contact: email protected / https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.microsoft.com/ Test ENV: ======== Browser : IE 11 OS: Windows 10 - x64...
Clone 2 GO Video Converter 2.8.2 Unicode Buffer Overflow Exploit
Exploit for linux platform in category local exploits !/usr/bin/python ---------------------------------------------------------------------------------------------------------------------- Exploit Title : Clone 2 GO Video converter 2.8.2 Unicode Buffer Overflow Remote Code Execution Exploit Auth...
macOS #Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver Exploit
Exploit for macOS platform in category dos / poc / nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls taskdeallocate without locking. Two threads can race calling this external method to drop two task references when only one is held. Note that the repro...
macOS / #iOS #Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist Exploit
Exploit for multiple platform in category dos / poc / getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to there's the following comment: / Allocate a target buffer for attribute results. Note that...
Canon LBP6650 / LBP3370 / LBP3460 / LBP7750C - Authenticaton Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Incorrect Access Control in Canon LBP6650, LBP3370, LBP3460, LBP7750C Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Software Link: Website Severity: High Version: LBP6650, LBP3370, LBP3460, LBP7750C Teste...
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting Date: 6/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=842 Version: 1.0 Tested on: Ubuntu 18.0...
WebKitGTK+ < 2.21.3 - pageURL Mishandling Crash (PoC) Exploit
webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unset pageURL, leading to an application crash. Title: WebKitGTK+ win = window.open"sleeponesecond.php...
Canon MF210 / MF220 - Authenticaton Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Incorrect Access Control in Canon MF210 & MF220 Series Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Software Link: Website Version: MF210 & MF20 Series Severity: High Tested on: Mozilla FireFox Descripti...
Jenkins Mailer Plugin < 1.20 - Cross-Site Request Forgery (Send Email) Vulnerability
Exploit for php platform in category web applications Exploit Title : Jenkins mailer plugin \ '+table'covermessage'+'' s = smtplib.SMTPtable'smtpserver' s.starttls s.logintable'lid', table'lpw' s.sendmailmsg'From', msg'To', msg.asstring...
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title : 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - ihack4falafel Vendor Homepage : https://www.10-strike.com/ Vulnerable Software:...
10-Strike Network Scanner 3.0 Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits !/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : 10-Strike Network Scanner v3.0 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falaf...
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow Exploit
Exploit for php platform in category dos / poc Description: ------------ The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: phpstreamurlwraphttpex /home/weilei/php-7.2.2/ext/standard/httpfopenwrapper.c:723 if...
10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafelx Vendor Homepage: https://www.10-strike.com/ Vulnerable Software:...
Sint Wind PI 01.26.19 Authentication Bypass Vulnerability
Exploit for linux platform in category web applications Sint Wind PI v01.26.19 Authentication Bypass Vendor: Tonino Tarsi Product web page: https://github.com/ToninoTarsi/swpi Affected version: 01.26.19 Summary: A Meteo Station software for Raspberry PI. Capability include telephone answering,...
XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP Exploit
Exploit for multiple platform in category dos / poc mptcpusrconnectx is the handler for the connectx syscall for the APMULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AFINET or AFINET6: // verify salen for AFINET: if...
Pagekit < 1.0.13 - Cross-Site Scripting Code Generator Exploit
Exploit for php platform in category web applications Title: Pagekit ' + code + '' f = openname, 'w+' f.writecode f.close if name == 'main': print''' / \ \ / / | | \ / / | / / | | / / | || | | | \ \ / /| | | | | | |/ \ | | | | ' | || | | | \ V / | ||/ /| || | | || | | | | | | / || ||/||/...
Linux Kernel 4.16.11 #LinuxKernel - #ext4_read_inline_data() Memory Corruption Exploit
Exploit for linux platform in category dos / poc ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in the inode...
WebKit not_number defineProperties Use-After-Free Exploit
Exploit for multiple platform in category dos / poc This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebKit notnumber defineProperties UAF', 'Description' = %q This module exploits a UAF...
SearchBlox 8.6.7 - XML External Entity Injection Vulnerability
Exploit for java platform in category web applications Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity OOB-XXE Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE:...
CyberArk < 10 - Memory Disclosure Exploit
Exploit for linux platform in category remote exploits Exploit Title: CyberArk 10 - Memory Disclosure Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows...
Zip-n-Go 4.9 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor...
EMS Master Calendar < 8.0.0.20180520 - Reflected Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: EMS Master Calendar alert'XSS'xyz 0day.today 2018-06-05...
Smartshop 1 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Smartshop 1 - SQL Injection Exploit Author: L0RD or email protected Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-websi...
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11671 An issue wa...
Smartshop 1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Smartshop 1 - Cross site request forgery Exploit Author: L0RD or email protected Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage:...
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue...
Windows UAC Protection Bypass (Via Slui File Handler Hijack) Exploit
This Metasploit module will bypass UAC on Windows 8-10 by hijacking a special key in the Registry under the Current User hive, and inserting a custom command that will get invoked when any binary .exe application is launched. But slui.exe is an auto-elevated binary that is vulnerable to file...
Quest KACE System Management Appliance 8.0 - Multiple Vulnerabilities
Quest KACE System Management Appliance version 8.0 Build 8.0.318 suffers from code execution, cross site scripting, path traversal, remote SQL injection, and various other vulnerabilities. Quest KACE System Management Appliance Multiple Vulnerabilities 1. Advisory Information Title: Quest KACE...
SonyPlaystation 4 ( #PS4 ) 5.1 - #Kernel Exploit
Exploit for hardware platform in category local exploits log"--- trying kernel exploit --"; function mallocsz var backing = new Uint8Array0x10000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new...
SonyPlaystation 3 ( #PS3 ) 4.82 - #Jailbreak (ROP) Exploit
Exploit for hardware platform in category local exploits EDB Note http://ps3xploit.com/help/dumper.html EDB Download https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44820.zip Dumper Help Warning: Due to the lack of proper checks after exiting the ROP chai...
SonyPlaystation 4 ( #PS4 ) 5.07 - #Jailbreak #WebKit / bpf v2 Kernel Loader Exploit
Exploit for hardware platform in category local exploits PS4 5.05 Kernel Exploit --- Summary In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and...
Epiphany 3.28.2.1 - Denial of Service Vulnerability
Exploit for multiple platform in category dos / poc Summary: ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted...
Git < 2.17.1 - Remote Code Execution Exploit
Exploit for linux platform in category remote exploits...
TAC Xenta 511/911 - Directory Traversal Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TAC Xenta 511 and 911 Credentials Disclosure Exploit Author: Marek Cybul Vendor Homepage: https://download.schneider-electric.com/files?pFileName=TACXenta911SDS-XENTA911.pdf Version: 5.17 Schneider Electric TAC Xenta 911 an...
New STAR 2.1 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: New STAR 2.1 - SQL Injection / Cross-Site Scripting Exploit Author: Kağan Çapar Contact: email protected Vendor Homepage: https://codecanyon.net/item/new-star-listen-youtube-music/7486113 Version: 2.1 Category: Webapps Tested on...
Grid Pro Big Data 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version...
Quest DR Series Disk Backup Software 4.0.3 Code Execution Vulnerability
Exploit for windows platform in category remote exploits Quest DR Series Disk Backup Multiple Vulnerabilities 1. Advisory Information Title: Quest DR Series Disk Backup Multiple Vulnerabilities Advisory ID: CORE-2018-0002 Advisory URL:...
PHP Dashboards NEW 5.5 - (email) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP Dashboards NEW v5.5 - 'Login' SQL Injection Exploit Author: Kağan Çapar Contact: email protected Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: 5.5 Category:...
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
/ ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming connections. global start section .text start: ; Creating the socket. ; ; int socketint domain...
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Exploit Author: Kağan Çapar Contact: email protected Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Test...
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
/ ; Filename: egghunter.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Blog post: https://codiceinsicuro.it/slae/ ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: This is the first stage of our payload. An egg-hunter shellcode ; looping through memory and jumping on the payloa...
Microsoft Edge Chakra EntrySimpleObjectSlotGetter Type Confusion Exploit
Microsoft Edge Chakra suffers from an issue where EntrySimpleObjectSlotGetter can have side effects that cause a type confusion vulnerability. Microsoft Edge: Chakra: EntrySimpleObjectSlotGetter can have side effects CVE-2018-8133 function optw, arr arr0 = 1.1; let res = w.event; arr0 =...
Dolibarr 7.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Exploit for linux platform in category dos / poc Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions. Test...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities
Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...