39001 matches found
CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure Vulnerability
Exploit for linux platform in category dos / poc Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the...
WordPress Simple Fields Plugin 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution Vul
Exploit for php platform in category web applications Exploit Title: Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE Exploit Author: Graeme Robinson Contact: @Grasec Vendor Homepage: http://simple-fields.com Software Link: https://downloads.wordpress.org/plugin/simple-fields.0.3.5.zip Version: 0.2 - 0.3.5...
SSH / SSL RSA Private Key Passphrase Dictionary Enumerator Exploit
This is a script to perform SSH/SSL RSA private key passphrase enumeration with a dictionary attack. !/usr/bin/perl SSH/SSL RSA Private Key Passphrase dictionary enumerator Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg email protected$ ssh-keygen -...
H2Database - Alias Arbitrary Code Execution Exploit
Exploit for java platform in category local exploits ''' Exploit Title: H2 Database Alias Abuse Date: 05/04/2018 Exploit Author: gambler Vendor Homepage:www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux, Mac OS ''' import sys...
PMS 0.42 - Local Stack-Based Overflow (ROP) Exploit
Exploit for linux platform in category local exploits Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while readi...
MyBB Recent Threads On Index Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Recent threads Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyB...
WebKit - WebAssembly Parsing Does not Correctly Check Section Order Vulnerability
Exploit for multiple platform in category dos / poc When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check validateOrder does not...
GoldWave 5.70 - Local Buffer Overflow (SEH Unicode) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GoldWave 5.70 - Local Buffer Overflow SEH Unicode Date: 04-05-2018 Vulnerable Software: GoldWave 5.70 Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Software Link:...
WolfCMS 0.8.3.1 - Cross Site Request Forgery / Open Redirection Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link:...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version:...
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution Vulnerabili
The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web server. Versions prior to 9.9.5, prior to 10.1, and 10.1 are affected...
Cobub Razor 0.7.2 - Add New Superuser Account Vulnerability
Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.7.2 Add New Superuser User Exploit Author: ppb(email protected) Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7745 There is a...
Cockpit CMS 0.13.0 Server Side Request Forgery Vulnerability
Cockpit CMS version 0.13.0 suffers from a server-side request forgery vulnerability. SSRFPS"Server Side Request ForgeryPSc in Cockpit CMS 0.13.0 CVE-2017-14611 The Cockpit CMS is awesome if you need a flexible content structure but don't want to be limited in how to use the content. Product...
Onethink CMS Server Side Request Forgery Vulnerability
Onethink CMS versions released up to date 2018/04/06 suffer from a server-side request forgery vulnerability. SSRFPS"Server Side Request ForgeryPSc in Onethink All version CVE-2017-14323 The Onethink is an open source CMSContent Management System.This system is based on the Thinkphp3.2 developmen...
Cobub Razor 0.7.2 - Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery Date: 2018-03-07 Exploit Author: ppb(email protected) Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7746...
Dell EMC Avamar / Integrated Data Protection Missing Access Control Vulnerability
The Dell EMC Avamar Installation Manager component, within Dell EMC Avamar Server and Integrated Data Protection Appliance, is affected by a missing access control vulnerability. Dell EMC Avamar Server versions 7.3.1, 7.4.1, 7.50 and Dell EMC Integrated Data Protection Appliance versions 2.0 and...
Video Downloader Universal Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Video Downloader Extension: Universal XSS Browsing through the list of most popular Chrome extensions, I noticed this extension with 4M users:...
LineageOS 14.1 Blueborne - Remote Code Execution Vulnerability
Exploit for Android platform in category remote exploits Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing...
Atlassian Bamboo 6.x Code Execution Vulnerability
Atlassian Bamboo versions 2.7.0 through 6.3.2 and 6.4.0 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/PS9sO . CVE ID: CVE-2018-5224. Product: Bamboo. Affected Bamboo product versions: 2.7.0 = 2.7.0 but less than 6.3.3 the...
Atlassian Fisheye / Crucible 4.5.2 Code Execution Vulnerability
Atlassian Fisheye and Crucible versions 4.5.0 through 4.5.2 suffer from a code execution vulnerability. This email refers to the advisory found at https://confluence.atlassian.com/x/aS5sO and https://confluence.atlassian.com/x/Zi5sO . CVE ID: CVE-2018-5223. Product: Fisheye and Crucible. Affected...
Microsoft Windows Defender - mpengine.dll Memory Corruption Exploit
Exploit for windows platform in category dos / poc Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code;...
MyBB Downloads 2.0.3 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on: Ubuntu 17.10 ...
WebRTC - Private IP Leakage Exploit
Exploit for multiple platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Private IP Leakage to WebPage using WebRTC Function.", 'Description' = %q This module...
Z-Blog 1.5.1.1740 - Full Path Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Exploit Author: zzw email protected Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE :...
Z-Blog 1.5.1.1740 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Exploit Author: zzw email protected Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS...
YzmCMS 3.6 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: YzmCMS 3.6 XSS Vulnerability Exploit Author: zzw email protected Vendor Homepage: http://www.yzmcms.com/ Software Link: http://www.yzmcms.com/ Version: 3.6 CVE : CVE-2018-7653 This is a XSS vulnerability than can attack the user...
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods Exploit
Exploit for windows platform in category dos / poc !-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, then the length property of...
GetSimple CMS 3.3.13 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Affected...
Joomla JS Jobs 1.2.0 Component - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JS Jobs 1.2.0 - Cross Site Scripting Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com/products/js-jobs.html Software Link:...
Sophos Endpoint Protection 10.7 Insecure Cryptography Vulnerability
Sophos Endpoint Protection version 10.7 control panel authentication uses a weak unsalted unicoded cryptographic hash SHA1 function. Not using a salt allows attackers that gain access to hash ability to conduct faster cracking attacks using pre-computed dictionaries, e.g. rainbow tables. This can...
Adobe Flash 28.0.0.137 Remote Code Execution Exploit
Adobe Flash versions 28.0.0.137 and below remote code execution proof of concept exploit. !/usr/bin/env python coding: UTF-8 import BaseHTTPServer import sys from SimpleHTTPServer import SimpleHTTPRequestHandler print "@Syfi2k" print "+ CVE-2018-4878 poc " print "--------------------------------"...
KeePass Simple Dictionary Password Enumerator Exploit
This is a simple perl script to perform dictionary attacks against the KeePass password manager. !/usr/bin/perl KeePass simple dictionary password enumerator Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg KeePass is a free open source password...
ProcessMaker - Plugin Upload Exploit
This Metasploit module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code as the web server user. Credentials for a valid user account with Administrator roles is required to run this module. This Metasploit module has been tested successfully on ProcessMaker...
FiberHome VDSL2 Modem HG 150-UB Login Bypass Vulnerability
Exploit for hardware platform in category web applications Exploit Title: FiberHome VDSL2 Modem HG 150-UB Login Bypass Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an attacke...
PMS 0.42 Stack-Based Buffer Overflow Exploit
Exploit for linux platform in category dos / poc Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer local module Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is...
Sophos Endpoint Protection 10.7 Tamper Protection Bypass Vulnerability
Sophos Endpoint Protection version 10.7 suffers from a tamper protection bypass vulnerability. + Credits: John Page aka hyp3rlinx Vendor: ============= www.sophos.com Product: =========== Sophos Endpoint Protection v10.7 Sophos Endpoint Protection helps secure your workstation by adding preventio...
Microsoft Sharepoint 14.x Cross Site Scripting Vulnerability
Exploit for asp platform in category web applications + Title: Microsoft-sharepoint FilterValue Cross Site Scripting XSS + Date: 2018/04/04 + Author: Mostafa Gharzi + Team: Maher - CertCC.ir + Vendor Homepage: https://products.office.com/en-us/sharepoint/collaboration + Tested on: Windows 10 & Ka...
Moxa AWK-3131A 1.4 < 1.7 - Username OS Command Injection Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2 import telnetlib import re import random import string Split string into chunks, of which each is /var/a' - 1 completed = temp = re.split'\n', script for content in temp: if lencontent != 0: for s in re.split' ',...
ShoprLynx 9.2.3 Insecure File Permissions Vulnerability
ShoprLynx version 9.2.3 suffers from an insecure file permissions vulnerability. ShaprLynx v9.2.3 Insecure File Permissions Vendor: Lynx Software Pty Ltd. Product web page: https://www.sharplynx.com Affected version: 9.02.0003 Summary: Back Office Software for Sharp POS Terminals. Catering for th...
Tpshop <= 2.0.6 Server Side Request Forgery Vulnerability
Exploit for php platform in category web applications SSRF(Server Side Request Forgery) in Tpshop = 2.0.6 CVE-2017-16614 The Tpshop open source mall system is a multi-merchant mode mall system developed by Shenzhen Leopard Network Co., Ltd.This system is based on the Thinkphp development framewor...
Google Chrome V8 - ElementsAccessorBase::CollectValuesOrEntriesImpl Type Confusion
Exploit for multiple platform in category dos / poc / Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe CollectValuesOrEntriesImpl Isolate isolate, Handle object, Handle valuesorentries, bool...
Google Chrome V8 - Genesis::InitializeGlobal Out-of-Bounds Read/Write Exploit
Exploit for multiple platform in category dos / poc / Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize +...
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) Exploit
Exploit for windows platform in category dos / poc / Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance-head" is on the stack. So simply by adding a single line of code that allocates "head" to the...
Bomgar Remote Support Portal JavaStart Applet <= 52970 - Path Traversal Vulnerability
Exploit for java platform in category web applications The Path Traversal vulnerability was found in the component of the Bomgar Remote Support Portal RSP 1. The affected component is a JavaStart.jar applet that is hosted at https://TARGET/api/content/JavaStart.jar on the vulnerable RSP...
ModSecurity WAF 3.0 for Nginx - Denial of Service Vulnerability
Exploit for linux platform in category dos / poc / 1. Use-After-Free UAF / During one of the engagements my team tested a WAF running in production Nginx + ModSecurity + OWASP Core Rule Set 123. In the system logs I found information about the Nginx worker processes being terminated due to memory...
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix 2) Exploit
Exploit for windows platform in category dos / poc / Here's a snippet of JavascriptArray::BoxStackInstance. template T JavascriptArray::BoxStackInstanceT instance, bool deepCopy AssertThreadContext::IsOnStackinstance; // On the stack, the we reserved a pointer before the object as to store the...
OpenCMS 10.5.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
Secutech RiS-11/RiS-22/RiS-33 5.07.52_es_FRI01 Remote DNS Changer Vulnerability
Exploit for hardware platform in category web applications Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by...
WebLog Expert Enterprise 9.4 - Privilege Escalation Vulnerability
Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link:...
Nginx 1.13.10 Accept-Encoding Line Feed Injection Exploit
Exploit for linux platform in category remote exploits // UndergroundAgency UA - koa, bacL, g3kko, Dostoyevsky // trigger nginx 1.13.10 latest logic flaw / bug // 2018 // Tested on Ubuntu 17.10 x86 4.13.0-21-generic include include include include include include include int mainint argc, char ar...