39001 matches found
Blog Master Pro v1.0 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Blog Master Pro v1.0 - CSV Injection Exploit Author: 8bitsec CVE: CVE-2018-10255 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/blog-master-pro/21689781 Version: 1.0 Tested on: Kali Linux 2.0...
Shopy Point of Sale v1.0 - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Kali...
WordPress Woo Import Export 1.0 Plugin - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications 0day.today 2018-04-26...
Open-AudIT 2.1 - CSV Macro Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link: https://www.open-audit.org/downloads.php Affected...
Adobe Flash - Overflow in Slab Rendering Exploit
Exploit for multiple platform in category dos / poc The attached fuzzed swf file causes heap or stack corruption depending on platform when rendering a slab. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
Adobe Flash - Info Leak in Image Inflation Exploit
Exploit for multiple platform in category dos / poc The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and vist:...
Adobe Flash - Out-of-Bounds Write in blur Filtering Exploit
Exploit for multiple platform in category dos / poc The attached swf file causes and out-of-bounds write in blur filtering. This PoC crashes reliably in Firefox for Linux. Proof of Concept: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44529.zip...
MyBB Threads To Link 1.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Threads to Link Plugin v1.3 - Persistent XSS Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=1065 Version: v1.3 Tested on: Ubuntu...
Zyxel ZyWALL ZLD 4.30 Cross Site Scripting Vulnerability
Exploit for hardware platform in category web applications ======================================================================= title: Reflected Cross-Site Scripting product: Zyxel ZyWALL: see "Vulnerable / tested version" vulnerable version: ZLD 4.30 and before fixed version: ZLD 4.31 CVE...
WordPress WD #Instagram Feed Premium 1.3.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications WD Instagram Feed 1.3.0aaaXSS Vulnerabilities Two cross-site scripting vulnerabilities in the WD Instagram Feed WordPress plugin allow attackers to inject arbitrary web script or HTML by passing payloads through the bio of an Instagram profile...
Adobe Flash - Overflow when Playing Sound Exploit
Exploit for multiple platform in category dos / poc The attached fuzzed swf file causes heap overflow when playing a sound. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
WSO2 Identity Server 5.3.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server...
Easy File Sharing Web Server 7.2 - UserID Remote Buffer Overflow (DEP Bypass) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/env python --------------------------------------------------------------------------------------------------- Exploit Title : Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow DEP Bypass Date : 04/24/2018 Exploit...
WordPress UK Cookie Consent - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting Exploit Author: B0UG Vendor Homepage: https://catapultthemes.com/ Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/description Version: Tested on...
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: Buffer OverflowSEH on Allok Video to DVD Burner2.6.1217 Exploit Author:T3jv1l Vendor Homepage:http://www.alloksoft.com/ Software: www.alloksoft.com/allokdvdburner.exe Category:Local Contact:https://twitter.com/T3jv1l Version:...
Kaspersky KSN Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 CVE: NotYet Exploit description: Kaspersky KSN is prone to a remote memory corruption because it fails to properly filter the input on the remote...
gif2apng 1.9 - .gif Stack Buffer Overflow Vulnerability
Exploit for linux platform in category dos / poc Exploit Title: gif2apng 1.9 '.gif' Stack-Buffer Overflow Date: 20 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: http://gif2apng.sourceforge.net/ Version: 1.9 Tested on: Ubuntu 16.04 CVE : gif2apng is vulnerable to a stack based buffer...
Wuzhi CMS 4.1.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery Exploit Author: jiguang email protected Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10312 An...
R 3.4.4 fow Windows - Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo CVE: CVE-2018-9060 Twitter: @bzyo Exploit Title: R 3.4.4 - Local Buffer Overflow Date: 03-27-2018 Vulnerable Software: R 3.4.4 Vendor Homepage: https://www.r-project.org/ Version: 3.4.4 Software Link:...
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure Exploit
Exploit for php platform in category web applications -- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoksel ||...
Apache CouchDB 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Exploit
Exploit for linux platform in category web applications Exploit Title: Apache CouchDB JSON 1.7.0 and 2.x before 2.1.1 - Remote Privilege Escalation Date: 2017-08-07 Exploit Author: Sebastián Castro @r4wd3r Vendor Homepage:...
Monstra cms 3.0.4 - Persitent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6,...
PRTG Network Monitor < 18.1.39.1648 - Stack Overflow Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version: 18.1.39.1648 CVE : CVE-2018-10253 Post...
Ncomputing vSpace Pro v10 and v11 - Directory Traversal PoC
Exploit for windows platform in category web applications Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability Software Vendor: NComputing Software Link: Author: Javier Bernardo CVE: CVE-2018-10201 Category: Webapps Description It is possible to read arbitrary file...
phpMyAdmin 4.8.0 / 4.8.0-1 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188 0day.today 2018-04-23...
Interspire Email Marketer - Remote Admin Authentication Bypass Exploit
The function in charge of checking whether the user is already logged in init.php in Interspire Email Marketer IEM prior to 6.1.6 allows remote attackers to bypass authentication and obtain administrative access by using the IEMCookieLogin cookie with a specially crafted value. On top of that, if...
ASUS infosvr Authentication Bypass Command Execution Exploit
This Metasploit module exploits an authentication bypass vulnerability in the infosvr service running on UDP port 9999 on various ASUS routers to execute arbitrary commands as root. This Metasploit module launches the BusyBox Telnet daemon on the port specified in the TelnetPort option to gain an...
lastore-daemon D-Bus Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Deepin Linux systems by using lastore-daemon to install a package. The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary system packages without providing a password, resulting...
Microsoft Internet Explorer 11.371.16299.0 Denial Of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ======= www.microsoft.com Product: ======== Internet Explorer Windows 10 v11.371.16299.0 Internet Explorer is a series of graphical web browsers developed by Microsoft and included in the Microsoft Windo...
Chrome V8 JIT NodeProperties::InferReceiverMaps Type Confusion Exploit
Exploit for multiple platform in category dos / poc Chrome: V8: JIT: Type confusion in NodeProperties::InferReceiverMaps https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps...
Drupal Avatar Uploader 7.x-1.0-beta8 Arbitary File Download Vulnerability
Exploit for php platform in category web applications Title: Arbitrary file download vulnerability in Drupal module avataruploader v7.x-1.0-beta8 Author: Larry W. Cashdollar CVE-ID:CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzh...
Linux/x86 Reverse TCP 127.1.1.1:5555 #Shellcode (73 Bytes)
/ Linux x86 Reverse TCP shellcode 127.1.1.1/5555 Shellcode Author: Anurag Srivastava Shellcode Length: 73 Student-ID: SLAE-1219 Note http://www.theanuragsrivastava.in/2018/04/reverse-tcp-shellcode-x86-slae.html reverse: file format elf32-i386 Disassembly of section .text: 08048060 : 8048060: 6a 6...
WordPress WooCommerce 2.0 / 3.0 Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress woocommerce directory traversal Date: 28-11-2017 Software Link: https://wordpress.org/plugins/woocommerce/ Exploit Author:fu2x2000 Contact: email protected CVE:2017-17058 Version:Tested on WordPress 4.8.3 woocommerce...
Cobub Razor 0.8.0 - Physical path Leakage Vulnerability
Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...
Digital Guardian Management Console 7.1.2.0015 XXE Injection Vulnerability
Exploit for asp platform in category web applications Title: Digital Guardian Managment Console - XML External Entity Vulnerability Author: Pawel Gocyla Date: 18 April 2018 CVE: CVE-2018-10175 Affected software: ================== Digital Guardian Managment Console Version 7.1.2.0015 Description:...
Linux/x86 TCP Port 1337 Bindshell Shellcode
92 bytes small Linux x86 tcp/1337 bindshell shellcode. / Linux x86 Bind TCP shellcode This shellcode will listen on port 1337 and give you /bin/sh Shellcode Author: Anurag Srivastava Shellcode Length: 92 Student-ID: SLAE-1219 Note...
Digital Guardian Management Console 7.1.2.0015 Server Side Request Forgery Vulnerability
Exploit for asp platform in category web applications Title: Digital Guardian Managment Console - Server Side Request Forgery Vulnerability Author: Pawel Gocyla Date: 18 April 2018 CVE: CVE-2018-10174 Affected software: ================== Digital Guardian Managment Console Version 7.1.2.0015...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Exploit for multiple platform in category web applications Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
Match Clone Script 1.0.4 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho Version: 1.0.4...
Kodi 17.6 - Persistent Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications ============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831...
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow Exploit
Exploit for windows platform in category remote exploits Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 CVE:...
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications...
PDFunite 0.41.0 - .pdf Local Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Exploit Title: PDFunite Malformed pdf buffer overflow Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/artful/+package/poppler-utils Software Link: https://launchpad.net/ubuntu/+source/poppler/0.57.0-2ubuntu4.2 Version:...
Joomla JS Jobs 1.2.0 Component - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com...
VX Search 10.6.18 - directory Local Buffer Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Title: VX Search 10.6.18 Local Buffer Overflow Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.vxsearch.com Version: 10.6.18 Tested on: Windows 7 32-bit Vendor did...
RSVG 2.40.13 / 2.42.2 - .svg Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure Exploit
Exploit for hardware platform in category web applications ''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
Rvsitebuilder CMS - Database Backup Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Rvsitebuilder CMS Database Backup Download Exploit Author: Hesam Bazvand Contact: email protected Software Link: http://www.rvsitebuilder.com Version: All Version Tested on: Windows 7 / Kali Linux Category: WebApps Dork :...
WordPress Caldera Forms 1.5.9.1 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - Drupalgeddon2 Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print ' https://github.com/a2u/CVE-2018-7600' print...