39001 matches found
WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
Exploit for php platform in category web applications Exploit Title: WampServer 3.1.1 XSS via CSRF Software Link: http://www.wampserver.com/en/ Version: 3.1.1 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec Website: http://medium.com/@vipinxsec CVE:...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User) Vulnerability
Exploit for php platform in category web applications Exploit Title: Cross Site Request Forgery- Frog CMS Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE :...
IBM Virtual Security Operations Center (VSOC) Cross Site Scripting Vulnerability
Exploit for windows platform in category web applications Exploit Title: IBM Virtual Security Operations Center VSOC - Cross Site Scripting XSS Date: August 2, 2018 Portal Link: https://portal.sec.ibm.com Exploit Author: Kushal Jaisingh Contact: https://ca.linkedin.com/in/kushaljaisingh Category:...
OpenCMS 10.5.3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/...
DotNetNuke DNNarticle Directory Traversal Vulnerability
Exploit for asp platform in category web applications 01. Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian 02. Vulnerability Information OVE-ID: CVE-2018-912...
D-Link DIR-601 - Admin Password Disclosure Vulnerability
Exploit for hardware platform in category web applications Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla...
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vulnerability
Exploit for hardware platform in category web applications VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured ...
glibc LD_AUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation Exploit
Exploit for linux platform in category local exploits require 'msf/core/exploit/local/linux' require 'msf/core/exploit/exe' class MetasploitModule 'glibc LDAUDIT libmemusage.so RHEL-Based Arbitrary DSO Load Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on...
VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution Vulnerability
Exploit for hardware platform in category web applications VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is...
Tenda FH303/A300 Firmware V5.07.68_EN - Remote DNS Change Vulnerability
Exploit for asp platform in category web applications Tenda FH303/A300 Firmware V5.07.68EN Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually...
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Route Authentication Bypass CVE: CVE-2018-9032 Date: 24-03-2018 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: D-Li...
Systematic SitAware - NVG Denial of Service Exploit
Exploit for multiple platform in category dos / poc Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs...
Tenda W3002R/A302/w309r Wireless Router V5.07.64_en - Remote DNS Change Vulnerability
Exploit for asp platform in category web applications Tenda W3002R/A302/w309r Wireless Router V5.07.64en Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, whi...
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change Vulnerability
Exploit for asp platform in category web applications Tenda W316R Wireless Router V5.07.50 Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually...
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits ''' Faleemi Desktop Software for Windows- DDNS/IP Local Buffer Overflow Vuln Description: Faleemi Desktop Software for Windows and its Beta version Faleemi Plus Desktop Software for WindowsBeta are vulnerable to Buffer Overflow exploit. When...
Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload', 'Description' = %q Vtiger 6.3.0...
SysGauge 4.5.18 - Local Denial of Service Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Title : SysGauge v4.5.18 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software :...
WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely Vulnerability
Exploit for php platform in category web applications WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely CVE-2018-8817 CSRF Cross site request forgery in WampServer 3.1.2 which allows a remote attacker to force any victim to add or delete virtual hosts...
osCommerce 2.3.4.1 - Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on:...
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
Exploit for windows platform in category remote exploits !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Wordpress Contact Form 7 to Database Extension 2.10.32 Plugin - CSV Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link:...
Wordpress Relevanssi 4.0.4 Plugin - Reflected Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title : Relevanssi Wordpress Search Plugin Reflected Cross Site Scripting XSS Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://www.relevanssi.com Software Link:...
WordPress WP Security Audit Log 3.1.1 Plugin - Sensitive Information Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure CheckDirectory $useruploadpath wpmkdirp $useruploadpath ; 0day.today 2018-04-02...
Homematic CCU2 2.29.23 - Arbitrary File Write Exploit
Exploit for cgi platform in category web applications !/usr/bin/ruby Exploit Title: Homematic CCU2 Arbitrary File Write Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 C...
MiniCMS 1.10 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications test document.forms0.submit; 0day.today 2018-04-08...
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow Exploit
Exploit for windows platform in category local exploits SWAMI KARUPASAMI THUNAI Exploit Title: Allok soft WMV to AVI MPEG DVD WMV Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions...
Joomla Acymailing Starter 5.9.5 Component - CSV Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected...
Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/env python Exploit Title : Allok AVI DivX MPEG to DVD Converter - Buffer Overflow SEH Date : 3/27/18 Exploit Author : wetw0rk Vulnerable Software : Allok AVI DivX MPEG to DVD Converter Vendor Homepage : http://alloksoft.com/ Versio...
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow Exploit
Exploit for windows platform in category local exploits SWAMI KARUPASAMI THUNAI Exploit Title: Alloksoft Video joiner 4.6.1217 - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable...
Joomla AcySMS 3.5.0 Component - CSV Macro Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/...
Homematic CCU2 2.29.23 - Remote Command Execution Exploit
Exploit for cgi platform in category web applications !/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29....
Open-AuditIT Professional 2.1 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Open-AuditIT Professional 2.1 - Stored Cross site scripting XSS Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/...
Joomla Fields Component - SQL Injection Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Component Fields SQLi Remote Code Execution', 'Description' = %q This module exploit...
Square 9 GlobalForms 6.2.x Blind SQL Injection Exploit
Exploit for php platform in category web applications Blind SQL Injection in Square 9 GlobalForms = 6.2.x CVE-2018-8820 Product Description GlobalFormsAr is Square 9as powerful web forms product. GlobalForms can live separate of GlobalSearch and runs on a separate Web Engine. Vulnerability Type...
ManageEngine Application Manager Remote Code Execution Exploit
This Metasploit module exploits a command injection vulnerability in the ManageEngine Application Manager product. An unauthenticated user can execute an operating system command under the context of privileged user. The publicly accessible testCredential.do endpoint takes multiple user inputs an...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code...
GitStack - Unsanitized Argument Remote Code Execution Exploit
Exploit for windows platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unsanitized Argument RCE', 'Description' = %q This module exploits a remote cod...
RSA Authentication Agent For Web XSS / Buffer Overflow Vulnerability
RSA Authentication Agent for Web for both IIS and Apache Web Server version 8.0. 1 and earlier contain multiple vulnerabilities that could potentially be exploit ed by malicious users to compromise affected systems. These issues include cross site scripting, buffer overflow, and information...
Tenda W308R V2 Wireless Router 5.07.48 DNS Changer Exploit
Tenda W308R V2 wireless router version 5.07.48 remote DNS changer proof of concept exploit. Tenda W308R v2 Wireless Router V5.07.48 Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems u...
Crea8Social Social Network Script - Multiple Cross-Site Scripting Vulnerabilities
Exploit for php platform in category web applications - Title: Multiple Cross-Site Scripting Vulnerabilities in Crea8Social Social Network Script - Product Description: Crea8Social is the leading social networking software that helps you build your own custom online community. - Vulnerability Typ...
Dell EMC ScaleIO Buffer Overflow / Command Injection Vulnerability
Dell EMC ScaleIO customers are encouraged to update to ScaleIO version 2.5, which contains fixes for multiple security vulnerabilities in earlier ScaleIO software versions that could potentially be exploited by malicious users to compromise the affected system. Dell EMC Identifier: DSA-2018-058 C...
Drupal 7.0 < 7.31 - Drupalgeddon SQL Injection (Admin Session) Exploit
Exploit for php platform in category web applications //· include 'common.inc'; include 'password.inc'; // set values $username = 'admin'; $url = isset$argv1?$argv1:''; $userid = isset$argv2?intval$argv2:1; if $url == '-h' echo "usage:\n"; echo $argv0.' $url $userid'."\n"; die; if empty$url ||...
Microsoft Windows Remote Assistance - XML External Entity Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: Microsoft Windows Remote Assistance XXE Date: 27/03/2018 Exploit Author: Nabeel Ahmed Tested on: Windows 7 x64, Windows 10 x64 CVE : CVE-2018-0878 Category: Remote Exploits Invitation.msrcincident ------------------------...
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting Vulnerability
Exploit for multiple platform in category web applications --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Persistent XSS Date: 2018-03-27 Exploit...
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal Exploit
Exploit for multiple platform in category web applications ''' --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Directory Traversal Date: 2018-03-27...
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Exploit
Exploit for linux platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-add...
Linux/x86 - EggHunter + Null-Free Shellcode (11 Bytes)
/ Title: Linux/x86 - EggHunter Shellcode 11 Bytes Author: Anurag Srivastava Tested on: i686 GNU/Linux Shellcode Length: 11 Description: Smallest Null-Free Egg Hunter Shellcode - 11 Bytes Details: 1. Works with an executable EGG 2. Make sure you clear EDX, EAX registers in the shellcode before any...
Acrolinx Server < 5.2.5 - Directory Traversal Vulnerability
Exploit for windows platform in category remote exploits Exploit Title: Acrolinx Dashboard Directory Traversal CVE: CVE 2018-7719 Exploit Author: Berk Dusunur Vendor Homepage: www.acrolinx.com Version:Before 5.2.5 PoC Acrolinx dashboard windows works on the server...
LabF nfsAxe 3.7 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link:...
Dell EMC NetWorker - Denial of Service Exploit
Exploit for linux platform in category dos / poc ''' Exploit Title: Dell EMC NetWorker DoS PoC Date: 18.03.2018 Exploit Author: Marek Cybul Vendor Homepage: https://www.emc.com/data-protection/networker.htm Versions: Dell EMC NetWorker versions prior to 9.2.1.1 Dell EMC NetWorker versions prior t...