39001 matches found
Peel Shopping Cart 9.0.0 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities
Exploit for php platform in category web applications ================================================= Synopsis: Post XSS with dual CSRF via inproper sanitized user input. Product: Peel Shopping Cart Version: 9.0.0 Researcher: Matt Landers email protected twitter.com/matthewjland...
Adobe Reader PDF - Client Side Request Injection Exploit
Exploit for windows platform in category local exploits % a PDF file using an XFA % most whitespace can be removed truncated to 570 bytes or so... % Ange Albertini BSD Licence 2012 % modified by InsertScript %PDF-1. % can be truncated to %PDF-\0 1 0 obj stream 1 endstream endobj trailer /XFA 1 0 ...
Linux Kernel < 4.17-rc1 - AF_LLC Double Free Exploit
Exploit for linux platform in category dos / poc define GNUSOURCE include include include include include include include include include include include include include include include include include include include struct sockaddrllc short sllcfamily; short sllcarphrd; unsigned char sllctest;...
osCommerce Installer Unauthenticated Code Execution Exploit
If the /install/ directory was not removed, it is possible for an unauthenticated attacker to run the "install4.php" script, which will create the configuration file for the installation. This allows the attacker to inject PHP code into the configuration file and execute it. This module requires...
Norton Core Secure WiFi Router - BLE Command Injection Exploit
Exploit for hardware platform in category remote exploits PoC command injection in BLE service of Norton Core Secure WiFi Router CVE-2018-5234 For more information read paper. To demonstrate the exploitation, we will use: - OS GNU/Linux; - Bluetooth dongle adapter; - BlueZ utility for testing...
Schneider Electric InduSoft Web Studio and InTouch Machine Edition - Denial of Service Vulnerability
Exploit for windows platform in category dos / poc What do you need to know? Tenable Research has discovered a critical remote code execution vulnerability in Schneider Electric’s InduSoft Web Studio and InTouch Machine Edition. What's the attack vector? The vulnerability can be remotely exploite...
Call of Duty Modern Warefare 2 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits A few years ago, I became aware of a security issue in most Call of Duty games. Although I did not discover it myself, I thought it might be interesting to see what it could be used for. Without going into detail, this security issue allows...
GPON Routers - Authentication Bypass / Command Injection Exploit
Exploit for hardware platform in category remote exploits !/bin/bash echo "+ Sending the Command… " We send the commands with two modes backtick and semicolon ; because different models trigger on different devices curl -k -d "XWebPageName=diag&diagaction=ping&wanconlist=0&desthost=$2;$2&ipv=0"...
Apache Hadoop 2.7.3 Privilege Escalation Vulnerability
Exploit for multiple platform in category remote exploits CVE-2016-6811: Apache Hadoop Privilege escalation vulnerability Severity: Critical Vendor: The Apache Software Foundation Versions Affected: All the Apache Hadoop versions from 2.2.0 to 2.7.3 Description: A user who can escalate to yarn us...
xdebug Unauthenticated OS Command Execution Exploit
This Metasploit module exploits a vulnerability in the eval command present in Xdebug versions 2.5.5 and below. This allows the attacker to execute arbitrary php code as the context of the web user. This module requires Metasploit: https://metasploit.com/download Current source:...
Metasploit msfd Remote Code Execution Exploit
Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. If this socket is accessible on a remote interface, an attacker can execute commands on the victim's machine. If msfd is running with higher privileges than the current local user, this module can al...
Tpshop 2.0.8 Arbitrary File Download / SSRF Vulnerability
Tpshop versions 2.0.8 and below suffer from arbitrary file download and server-side request forgery vulnerabilities. Backdoor in Tpshop = 2.0.8 CVE-2018-9919 The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd.This system is based...
LibreOffice / Open Office - .odt Information Disclosure Exploit
Exploit for windows platform in category local exploits ! /usr/bin/python Exploit Title: Malicious ODF File Creator Date: 1st May 2018 Exploit Author: Richard Davy Vendor Homepage: https://www.libreoffice.org/ Software Link: https://www.libreoffice.org/ Version: LibreOffice 6.0.3, OpenOffice 4.1....
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Title: Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow Date: 2018-05-02 Exploit Author: Marwan Shamel Software Link: https://downloads.tomsguide.com/MPEG-Easy-Burner,0301-10418.html Version: 1.7.11 Tested on...
Cockpit CMS 0.4.4-0.5.5 - Server-Side Request Forgery Vulnerability
Exploit for php platform in category web applications SSRF(Server Side Request Forgery) in Cockpit 0.4.4-0.5.5 CVE-2018-9302 Cockpit CMS repairs CVE-2017-14611, but it can be bypassed, SSRF still exist, affecting the Cockpit CMS 0.4.4-0.5.5 versions.I've been tested success of "Cockpit CMS" laste...
WebKit WebCore::jsElementScrollHeightGette Use-After-Free Exploit
There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX. WebKit: use-after-free in WebCore::jsElementScrollHeightGetter CVE-2018-4200 There is a use-after-free security vulnerability in WebKit. The vulnerability was...
Exim < 4.90.1 - base64d Remote Code Execution Exploit
Exploit for linux platform in category remote exploits !/usr/bin/python import time import socket import struct s = None f = None def logo: print print " CVE-2018-6789 Poc Exploit" print "@straightblast ; email protected" print def connecthost, port: global s global f s =...
Metasploit msfd Remote Code Execution Via Browser Exploit
Metasploit's msfd-service makes it possible to get a msfconsole-like interface over a TCP socket. This Metasploit module connects to the msfd-socket through the victim's browser. To execute msfconsole-commands in JavaScript from a web application, this module places the payload in the POST-data...
Linux /dev/urandom RNG Flaws Exploit
There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and shortly after boot. Linux RNG flaws CVE-2018-1108 There are several issues in drivers/char/random.c, in particular related to the behavior of the /dev/urandom RNG during and...
macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rul
Exploit for macOS platform in category dos / poc Here's a kextd method exposed via MIG com.apple.KernelExtensionServer kernreturnt kextmanagerunlockkextload machportt server, machportt client kernreturnt migresult = KERNFAILURE; if gClientUID != 0 OSKextLog/ kext / NULL, kOSKextLogErrorLevel |...
Nagios XI 5.2.[6-9], 5.3, 5.4 - Chained Remote Root Exploit
Exploit for php platform in category web applications Exploit Title: Nagios XI 5.2.6-9, 5.3, 5.4 Chained Remote Root Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage:...
Navicat < 12.0.27 - Oracle Connection Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Title: Navicat Create new Oracle Connection paste contents of "navicatPOC.txt" into host field and test connection to trigger overflow. filename="navicatPOC.txt" junk = "A" 1502 nseh = "\x4C\x4C\x77\x04" seh= "\x75\x2a\x01\x10"...
macOS / iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules
Exploit for multiple platform in category dos / poc / ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports either task or host level. You would normally never send a message yourself to...
WordPress Form Maker 1.12.20 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to to Formula Injection CSV Injection Google Dork: N/A Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version: 1.12.20 and...
Wordpress Responsive Cookie Consent v1.5 / v1.6 / v1.7 - Authenticated Persistent Cross-Site Scripti
Exploit for php platform in category web applications Exploit Title: Wordpress Responsive Cookie Consent v1.5 / v1.6 / v1.7 - Authenticated Persistent Cross-Site Scripting Exploit Author: B0UG Vendor Homepage: http://www.jameskoussertari.co.uk/ Software Link:...
Drupal < 7.58 - Drupalgeddon3 Authenticated Remote Code Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon3', 'Description' = %q CVE-2018-7602 / SA-CORE-2018-004 A remote code execution...
Android Bluetooth - Blueborne Information Leak (2) Exploit
Exploit for Android platform in category remote exploits from pwn import import bluetooth if not 'TARGET' in args: log.info"Usage: CVE-2017-0785.py TARGET=XX:XX:XX:XX:XX:XX" exit target = args'TARGET' servicelong = 0x0100 serviceshort = 0x0001 mtu = 50 n = 30 def packetservice, continuationstate:...
Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution Exploit
Exploit for multiple platform in category remote exploits import requests import sys from urllib import quote def exploiturl: res = requests.geturl, timeout=10 if res.statuscode == 200: print "+ Response: ".formatstrres.text print "\n+ Exploit Finished!" else: print "\n! Exploit Failed!" if name ...
Android Bluetooth - Blueborne Information Leak (1) Exploit
Exploit for Android platform in category remote exploits from pwn import import bluetooth if not 'TARGET' in args: log.info'Usage: python CVE-2017-0781.py TARGET=XX:XX:XX:XX:XX:XX' exit target = args'TARGET' count = 30 Amount of packets to send port = 0xf BTPSMBNEP context.arch = 'arm'...
Websphere / JBoss / OpenNMS / Symantec - Java Deserialization Remote Code Execution
Exploit for multiple platform in category remote exploits ! /bin/bash/env python3 / | | | | | \ \ / \ '| |/ | |/ | / | '| | / | | | | | | | | || | | |/ || ||,||,|\/|| By Nikhil Sreekumar @roo7break Websphere/JBoss/OpenNMS/Symantec Endpoint Protection Manager - Java Deserialization Remote Code...
Oracle Weblogic Server 10.3.6.0/12.1.3.0/12.2.1.2/12.2.1.3 Deserialization Remote Command Execution
Exploit for multiple platform in category remote exploits -- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational or information purposes. Credit: Thanks by...
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross Site Scripting Exploit Author: 8bitsec CVE: CVE-2018-10259 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619...
phpLiteAdmin 1.9.7.1 Authorization Bypass Vulnerability
Exploit for php platform in category web applications I found a small issue in PHPLiteAdmin. It's an authorization bypass which works since version 1.9.5 from 2014 current is 1.9.7.1 because PLA uses '==' instead of '===' for the password comparison in 'attemptGrant' of the 'Authorization' class...
WordPress WP with Spritz 1.0 Plugin - Remote File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress Plugin WP with Spritz 1.0 - Remote File Inclusion Exploit Author: Wadeek Software Link: https://downloads.wordpress.org/plugin/wp-with-spritz.zip Software Version: 1.0 Google Dork: intitle:"Spritz Login Success" AND...
HRSALE The Ultimate HRM v1.0.2 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE The Ultimate HRM 1.0.2 - CSV Injection Exploit Author: 8bitsec CVE: CVE-2018-10257 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0.2 Tested...
HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE The Ultimate HRM v1.0.2 - Local File Inclusion Exploit Author: 8bitsec CVE: CVE-2018-10260 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version: 1.0....
Jfrog Artifactory < 4.16 - Unauthenticated Arbitrary File Upload / Remote Command Execution Vulne
Exploit for linux platform in category web applications Exploit Title: Jfrog Artifactory alert/Vulnerable/" within the file app.html : POST /artifactory/ui/artifact/upload HTTP/1.1 Host: removed User-Agent: removed Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8...
HRSALE The Ultimate HRM v1.0.2 - award_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: HRSALE The Ultimate HRM v1.0.2 - 'awardid' SQL Injection Exploit Author: 8bitsec CVE: CVE-2018-10256 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/hrsale-the-ultimate-hrm/21665619 Version:...
Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Allok AVI to DVD SVCD VCD Converter 4.0.1217 - Buffer Overflow SEH Exploit Author:T3jv1l Vendor Homepage:http://www.alloksoft.com/ Software: www.alloksoft.com/allokavi2dvd.exe Category:Local Contact:https://twitter.com/T3jv1l...
SickRage < v2018.03.09 - Clear-Text Credentials HTTP Response Exploit
Exploit for linux platform in category web applications Exploit Title: SickRage v2018.03.09 - Clear-Text Credentials HTTP Response Exploit Author: Sven Fassbender Vendor Homepage: https://sickrage.github.io Software Link: https://github.com/SickRage/SickRage Version: v2018.03.09-1 CVE :...
TP-Link TL-WA850RE Wi-Fi Range Extender - Unauthenticated Remote Reboot Vulnerability
Exploit for hardware platform in category web applications Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender | Unauthorized Remote Reboot Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Firmware Link: https://www.tp-link.com/en/download/TL-WA850RE.html Category:...
October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: October CMS User Plugin v1.4.5 - Persistent Cross-Site Scripting Author: 0xB9 Software Link: https://octobercms.com/plugin/rainlab-user Version: 1.4.5 Tested on: Ubuntu 17.10 CVE: CVE-2018-10366 1. Description: Front-end user...
Frog CMS 0.9.5 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via "Admin Site title" in Settings Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/philippe/FrogCMS Software Link:...
GitList 0.6 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications ''' Exploit Title: GitList 0.6 Unauthenticated RCE Software Link: https://github.com/klaussilveira/gitlist Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...
Drupal < 7.58 - drupalgeddon3 Authenticated Remote Code Execution (PoC) Exploit
Exploit for php platform in category web applications This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms that is in 2-step form th...
Drupal Drupalgeddon 2 Forms API Property Injection Exploit
This Metasploit module exploits a Drupal property injection in the Forms API. Drupal versions 6.x, less than 7.58, 8.2.x, less than 8.3.9, less than 8.4.6, and less than 8.5.1 are vulnerable. This module requires Metasploit: https://metasploit.com/download Current source:...
Linux/x86 execve /bin/sh Encoded Shellcode (44 bytes)
/ ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com/slae32/slae-32-shellcode-encoder/ ; Twitter : @nunof11 ; SLAE ID : SLAE-1112 ; Size : 44 bytes ; Tested on : i686 GNU/Linux...
Chrome V8 JIT - Arrow Function Scope Fixing Bug Exploit
Exploit for multiple platform in category dos / poc / When the parser parses the parameter list of an arrow function contaning destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=" token. So it first...
Chrome V8 JIT - AwaitedPromise Update Bug Exploit
Exploit for multiple platform in category dos / poc / Here's a snippet of AsyncGeneratorReturn. https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650 Node const context = ParameterDescriptor::kContext; Node const...
Quixplorer 2.4.1 Beta Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Reflected XSS in quixplorer-2.4.1beta Google Dork: intitle:"My Download Server" Exploit Author: Adriano Marcio Monteiro @adrianomarcmont Exploit Author Site: https://www.brztec.com Exploit Author E-mail: email protected Vendor...