39001 matches found
Libuser roothelper Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Red Hat based Linux systems, including RHEL, Fedora and CentOS, by exploiting a newline injection vulnerability in libuser and userhelper versions prior to 0.56.13-8 and version 0.60 before 0.60-7. This Metasploit module makes use of the...
WordPress WP ULike 2.8.1 / 3.1 Arbitrary Data Deletion Vulnerability
WordPress WP ULike plugin versions 2.8.1 and 3.1 suffer from an arbitrary data deletion vulnerability. Details ================ Software: WP ULike Version: 2.8.1,3.1 Homepage: https://wordpress.org/plugins/wp-ulike/ Advisory report: https://advisories.dxw.com/advisories/wp-ulike-delete-rows/ CVE:...
IBM Flashsystem / Storwize CSRF / Arbitrary File Read / Information Disclosure Vulnerabilities
Vulnerabilities were identified in the IBM Flashsystem 840, IBM Flashsystem 900 and IBM Storwize V7000. They include cross site request forgery, arbitrary file read, unauthenticated access, and various other vulnerabilities. Vulnerabilities in IBMs Flashsystems and Storwize Products...
XATABoost 1.0.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: XATABoost CMS Sql Injection Google Dork: inurl:php?id= Powered by XATABOOST Exploit Author: MgThuraMoeMyint Vendor Homepage: http://www2.xataboost.com Version: 1.0.0 Tested on: Kali Linux SQL Injection Type: Union Based Example...
Linux/x86 - Reverse TCP (127.0.0.1:4444/TCP) Shell Shellcode (96 Bytes)
/ ; Title: Linux/x86 - TCP reverse shell ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Blog post: https://codiceinsicuro.it/slae/assignment-2-create-a-reverse-shellcode/ ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: connect to a given IP and PORT and spawning a reverse shell if...
Monstra CMS 3.0.4 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested...
WUZHI CMS 4.1.0 - form[qq_10] Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Exploit Author: jiguang email protected Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An issue was...
Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution Exploit
Exploit for windows platform in category remote exploits !/usr/bin/env python -- coding: utf-8 -- Tested in Windows Server 2003 SP2 ES - Only works when RRAS service is enabled. The exploited vulnerability is an arbitraty pointer deference affecting the dwVarID field of the MIBOPAQUEQUERY...
MyBB 1.8.x Denial of Service Exploit
MyBB Denial of Service Attack - 1.8.x Usage Info MyBB DoS POC Requirements python requests pip install requests Usage; python3 mybbdos.py -t "http://target/" -u username -p password !/usr/bin/env python3 import sys import requests import argparse import random import time def mainargv: global...
WUZHI CMS 4.1.0 - tag[pinyin] Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Exploit Author: jiguang email protected Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An issue was...
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting Vulnerability
Exploit for windows platform in category web applications Exploit Title: Open-AudIT Professional 2.1.1 – Multiple Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.1.1...
EMC RecoverPoint 4.3 - Admin CLI Command Injection Vulnerability
Exploit for windows platform in category local exploits Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoi...
Open-AudIT Community - 2.2.0 – Cross-Site Scripting Vulnerability
Exploit for windows platform in category web applications Exploit Title: Open-AudIT Community - 2.2.0 – Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.2.0 Category: WebApp...
WordPress WP User Groups 2.0.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Details ================ Software: WP User Groups Version: 2.0.0 Homepage: https://wordpress.org/plugins/wp-user-groups/ Advisory report: https://advisories.dxw.com/advisories/csrf-wp-user-groups/ CVE: Awaiting assignment CVSS: 4.3 Medium;...
2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: BSOD by IOCTL 0x002220e0 in 2345BdPcSafe.sys of 2345 Security Guard 3.7 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 REQUIRED Teste...
Linux/x86 - Read /etc/passwd Shellcode (62 bytes)
/ ; Title : Linux/x86 - Read /etc/passwd Shellcode 62 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-polymorphing-shellcodes/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 62 bytes ; Tested on : i686 GNU/Linux section .te...
Allok Video Splitter 3.1.12.17 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Allok Video Splitter 3.1.1217 Date: 2018-05-09 Exploit Author: Achilles Vendor Homepage: http://www.alloksoft.com/ Vulnerable Software: http://www.alloksoft.com/allokvsplitter.exe Tested on OS: Windows 7 64-bit DE Steps to reproduc...
Dell Touchpad - ApMsgFwd.exe Denial of Service Exploit
Exploit for windows platform in category dos / poc...
MyBB Latest Posts on Profile Plugin 1.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Latest Posts on Profile Plugin v1.1 - Cross-Site Scripting Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=914 Version: 1.1 Tested on: Ubuntu...
Fastweb FASTGate 0.00.47 - Cross-site Request Forgery
Exploit for hardware platform in category web applications Exploit Title: Fastweb FASTgate 0.00.47 CSRF Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Fastweb Product Web Page: http://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/ Version: 0.00.4...
phpVirtualBox 5.2 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications Title: phpVirtualBox / CSRF - Stored XSS Discovered by: @codexlynx Software Version: //lib/ajax.php" name="csrf" " / 2Stored XSS -------------------------------- Many fields don't sanitize inputs. This vulnerability could allow a user role...
ModbusPal 1.6b - XML External Entity Injection Vulnerability
Exploit for java platform in category web applications + Exploit Title: ModbusPal XXE Injection + Exploit Author: Trent Gordon + Vendor Homepage: http://modbuspal.sourceforge.net/ + Software Link: https://sourceforge.net/projects/modbuspal/files/latest/download?source=files + Version: 1.6b + Test...
Mantis manage_proj_page PHP Code Execution Exploit
Mantis versions 1.1.3 and earlier are vulnerable to a post-authentication remote code execution vulnerability in the sort parameter of the manageprojpage.php page. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Linux/x86 - Bind TCP Shell + fork() Shellcode (113 bytes)
/ Title: Linux x86 TCP Bind Shell + fork - 113 bytes NULL Free Author: Amine Kanane Student-ID: SLAE - 1203 Desc: Listen for a connection on Local Port 9443 and spawn a command shell This version support multiple simultaneous connections using fork. Also this shellcode does not use the classic...
PlaySMS 1.4 - sendfromfile.php?Filename Authenticated Code Execution Exploit
This Metasploit module exploits a code injection vulnerability within an authenticated file upload feature in PlaySMS version 1.4. This issue is caused by improper file name handling in sendfromfile.php file. Authenticated Users can upload a file and rename the file with a malicious payload. This...
WebKitGTK+ Memory Corruption / Code Execution Vulnerability
Exploit for windows platform in category dos / poc ------------------------------------------------------------------------ WebKitGTK+ Security Advisory WSA-2018-0004 ------------------------------------------------------------------------ Date reported : May 07, 2018 Advisory ID : WSA-2018-0004...
FxCop 10/12 - XML External Entity Injection Vulnerability
Exploit for windows platform in category local exploits + Credits: hyp3rlinx Vendor: ======== www.microsoft.com Product: =========== Microsoft Windows "FxCop" v10-12 Vulnerability Type: =================== XML External Entity CVE Reference: ============== N/A Security Issue: ================ FxCo...
Palo Alto Networks - readSessionVarsFromFile() Session Corruption Exploit
This Metasploit module exploits a chain of vulnerabilities in Palo Alto Networks products running PAN-OS versions prior to 6.1.19, 7.0.19, 7.1.14, and 8.0.6. This chain starts by using an authentication bypass flaw to to exploit an XML injection issue, which is then abused to create an arbitrary...
GNU wget - Cookie Injection Vulnerability
Exploit for linux platform in category local exploits GNU Wget Cookie Injection CVE-2018-0494 ========================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview -------- GNU Wget is susceptible to a...
2345 Security Guard 3.7 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: 2345 Security Guard 3.7 - Denial of Service Date: 2018-05-08 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 Tested on: Windows 7 x86...
PlaySMS 1.4 - import.php Authenticated CSV File Upload Code Execution Exploit
This Metasploit module exploits an authenticated file upload remote code execution vulnerability in PlaySMS version 1.4. This issue is caused by improper file contents handling in import.php aka the Phonebook import feature. Authenticated Users can upload a CSV file containing a malicious payload...
D-Link DIR-868L 1.12 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications ======================================================================= title: Cross Site Request Forgery product: DIR-868L vulnerable version: 1.12 fixed version: 1.20B01 impact: Medium homepage: http://www.dlink.com/ found: 2018-02-18 b...
FTPShell Client 6.7 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits -- coding: utf-8 -- Exploit Title: FTPShell Client 6.7 - Remote Buffer Overflow Date: 2018-01-03 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/download.htm...
DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: DeviceLock Plug and Play Auditor 5.72 - Unicode Buffer Overflow SEH Exploit Author: Youssef mami Vendor Homepage: https://www.devicelock.com/freeware.html/ Version: 5.72 CVE : CVE-2018-10655 Security Issue: DeviceLock Plug and...
WordPress User Role Editor Plugin < 4.25 - Privilege Escalation Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress User Role Editor Plugin Privilege Escalation', 'Description' = %q The WordPress...
HWiNFO 5.82-3410 - Denial of Service Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: HWiNFO 5.82-3410 - Denial of Service Date: 05-04-18 Vulnerable Software: HWiNFO 5.82-3410 Vendor Homepage: https://www.hwinfo.com/ Version: 5.82-3410 Software Link:...
Linux/x86 - execve(/bin/sh) NOT Encoded Shellcode (27 bytes)
/ ; Title : Execve /bin/sh Shellcode encoded with NOT ; Author : Nuno Freitas ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 27 bytes ; Tested on : i686 GNU/Linux section .text global start start: xor ecx, ecx mul ecx push ecx ; instructions to avoid having the strings "nib/" and "hs//" push...
D-Link DIR-601 Failed Password Change Control Vulnerability
Exploit for hardware platform in category web applications Suggested description D-Link DIR-601 A1 1.02NA devices do not require the old password for a password change, which occurs in cleartext. ------------------------------------------ Additional Information Insecure Authentication Practices i...
CSP MySQL User Manager 2.3.1 SQL Injection Vulnerability
CSP MySQL User Manager version 2.3.1 suffers from a remote SQL injection vulnerability that allows for authentication bypass. Exploit Title: CSP MySQL User Manager v2.3.1 SQL Injection Authentication Bypass Google Dork: intitle:"CSP MySQL User Manager" Exploit Author: Youssef mami Vendor Homepage...
Oracle Access Manager 11.1.2.3.0 / 12.2.1.3.0 Authentication Bypass Vulnerability
Oracle Access Manager versions 11.1.2.3.0 and 12.2.1.3.0 suffer from an authentication bypass vulnerability. We have published an accompanying blog post to this technical advisory with further information: Blog: https://www.sec-consult.com/en/blog/2018/05/oracle-access-managers-identity-crisis/...
IceWarp Mail Server < 11.1.1 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Vendor: IceWarp http://www.icewarp.com Product: IceWarp Mail Server Version affected: 11.1.1 and below Product description: IceWarp WebMail provides web-based access to email, calendars, contacts, files and shared data from any computer with a...
TP-Link EAP Controller CSRF / Hard-Coded Key / XSS Vulnerabilities
TP-Link EAP suffers from hard-coded credential, cross site request forgery, cross site scripting, and other vulnerabilities. TP-Link EAP Controller Multiple Vulnerabilities 1. Advisory Information Title: TP-Link EAP Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0001 Advisory URL:...
Google Chrome V8 - Object Allocation Size Integer Overflow Exploit
Exploit for multiple platform in category dos / poc There's an integer overflow in computing the required allocation size when instantiating a new javascript object. See the following code in objects.cc // static bool JSFunction::CalculateInstanceSizeForDerivedClass Handle function, InstanceType...
MSTAR Set-Top BOX Command Injection Vulnerability
Exploit for hardware platform in category local exploits While I was working on diagnostic device for some of my clients I found command injections in MSTAR Set-Top box products. Diagnostic device is not specialy target this vendor but we used it in development phase and for testing. Vulnerable...
Windows WMI Recieve Notification Exploit
This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: http://metasploit.com/download Current source:...
WordPress WF Cookie Consent 1.1.3 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: WF Cookie Consent - Authenticated Persistent Cross-Site Scripting Exploit Author: B0UG Vendor Homepage: http://www.wunderfarm.com/ Software Link: https://en-gb.wordpress.org/plugins/wf-cookie-consent/ Version: Tested on version...
Trovebox 4.0.0-rc6 SQL Injection / Bypss / SSRF Vulnerabilties
Trovebox versions 4.0.0-rc6 and below suffer from authentication bypass, server-side request forgery, unsafe token generation, nd remote SQL injection vulnerabilities. Advisory: Trovebox - Authentication Bypass, SQLi, SSRF Release Date: 2018/04/30 Author: Robin Verton email protected CVE: request...
TBK DVR4104 / DVR4216 - Credentials Leak Exploit
Exploit for hardware platform in category remote exploits -- coding: utf-8 -- import json import requests import argparse import tableprint as tp class Colors: BLUE = '\03394m' GREEN = '\03332m' RED = '\0330;31m' DEFAULT = '\0330m' ORANGE = '\03333m' WHITE = '\03397m' BOLD = '\0331m' BRCOLOUR =...
Watchguard Hard-Coded Credentials / Failed Controls Vulnerability
WatchGuard Access Points running firmware before version 1.2.9.15 suffer from hard-coded credential, hidden authentication, file upload, and incorrect validation vulnerabilities. Introduction ============ Multiple vulnerabilities can be chained together in a number of WatchGuard AP products which...
Windows - Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits include "stdafx.h" define PML4BASE 0xFFFFF6FB7DBED000 define PDPBASE 0xFFFFF6FB7DA00000 define PDBASE 0xFFFFF6FB40000000 define PTBASE 0xFFFFF68000000000 typedef LARGEINTEGER PHYSICALADDRESS, PPHYSICALADDRESS; pragma packpush,4 typedef struc...