39001 matches found
Android DRM Services - Buffer Overflow Exploit
Exploit for Android platform in category dos / poc include include include include include include include include include include using namespace android; static sp getCrypto sp sm = defaultServiceManager; sp binder = sm-getServiceString16"media.drm"; sp service = interfacecastbinder; if service...
MikroTik RouterOS < 6.41.3/6.42rc27 - SMB Buffer Overflow Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python import socket import struct import sys import telnetlib NETBIOSSESSIONMESSAGE = "\x00" NETBIOSSESSIONREQUEST = "\x81" NETBIOSSESSIONFLAGS = "\x00" trick from http://shell-storm.org/shellcode/files/shellcode-881.php wil...
WordPress Duplicator 1.2.32 Plugin - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title : Duplicator Wordpress Migration Plugin Reflected Cross Site Scripting XSS Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://snapcreek.com/ Software Link:...
SAP NetWeaver AS JAVA CRM - Log injection Remote Command Execution Exploit
Exploit for windows platform in category remote exploits !/usr/bin/env python import argparse import urllib import requests, random from bs4 import BeautifulSoup from requests.packages.urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disablewarningsInsecureRequestWarning...
WOOF WooCommerce Products Filter 1.1.9 LFI / Code Execution Exploit
WOOF WooCommerce Products Filter from PluginUs.Net version 1.1.9 suffers from shortcode execution and local file inclusion vulnerabilities. ======================================================================= title: Arbitrary Shortcode Execution & Local File Inclusion product: WOOF - WooCommer...
Samba 4.x Password Change Vulnerability
On a Samba 4 AD DC any authenticated user can change other users' passwords over LDAP, including the passwords of administrative users and service accounts. ==================================================================== == Subject: Authenticated users can change other users' password == ==...
Shopware 5.3.7 Cross Site Request Forgery Vulnerability
Shopware versions 4.0.1 through 5.3.7 suffer from a cross site request forgery vulnerability. Malicious, third-party websites may abuse this API to list, add or remove products from a user's cart. Shopware Cart Accessible by Third-Party Websites RedTeam Pentesting discovered that the shopping car...
MikroTik RouterOS < 6.38.4 (x86) - Chimay Red Stack Clash Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2 Mikrotik Chimay Red Stack Clash Exploit by wsxarcher based on BigNerd95 POC tested on RouterOS 6.38.4 x86 ASLR enabled on libs only DEP enabled import socket, time, sys, struct from pwn import import ropgadget...
Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC) Exploit
Exploit for hardware platform in category local exploits window.didload = 0; window.didpost = 0; window.onload = function window.didload = 1; if window.didpost == 1 window.stage2; window.postExpl = function window.didpost = 1; if window.didload == 1 window.stage2; function makeid var text = ""; v...
Tuleap 9.17.99.189 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found:...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit
Exploit for windows platform in category web applications Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...
MikroTik RouterOS < 6.38.4 (MIPSBE) - Chimay Red Stack Clash Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python3 Mikrotik Chimay Red Stack Clash Exploit by BigNerd95 Tested on RouterOS 6.38.4 mipsbe using a CRS109 Used tools: pwndbg, rasm2, mipsrop for IDA I used ropper only to automatically find gadgets ASLR enabled on libs onl...
SecurEnvoy SecurMail 9.1.501 - Multiple Vulnerabilities
Exploit for asp platform in category web applications ======================================================================= title: Multiple Critical Vulnerabilities product: SecurEnvoy SecurMail vulnerable version: 9.1.501 fixed version: 9.2.501 or hotfix patch "1012018" CVE number:...
SC 7.16 - Stack-Based Buffer Overflow Exploit
Exploit for linux platform in category local exploits Exploit Author: Juan Sacco - http://www.exploitpack.com Bug found using Exploit Pack - Local fuzzer feature. Tested on: GNU/Linux - Kali Linux Filename: pool/main/s/sc/sc7.16-4+b2i386.deb Description: SC v7.16 is prone to a basic stack-based...
DEWESoft X3 SP1 (64-bit) installer / Remote Internal Command Access Vulnerability
Exploit for windows platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ============= www.dewesoft.com Product: =========== DEWESoft X3 SP1 64-bit installer - X3 DEWESoftFULLX3SP164BIT.exe Vulnerability Type: =================== Remote Internal Command Access CVE...
Advantech WebAccess < 8.3 - Directory Traversal / Remote Code Execution Exploit
Exploit for windows platform in category web applications !/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.3 webvrpcs Directory Traversal RCE Vulnerability Date: 03-11-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
ManageEngine Applications Manager 13.5 - Remote Code Execution Exploit
Exploit for java platform in category web applications This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager Remote Code Execution", 'Description' = %q This module...
Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vulnerability
Exploit for multiple platform in category web applications Prisma Industriale Checkweigher PrismaWEB 1.21 Authentication Bypass Vendor: Prisma Industriale S.r.l. Product web page: https://www.prismaindustriale.com Affected version: 1.0 Rev 21, EPROM 202FWSAM ?? Summary: Web Administration of...
TextPattern 4.6.2 - qty SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
Tuleap 9.17.99.189 SQL Injection Vulnerability
Exploit for php platform in category web applications =============================================================================== title: Tuleap SQL Injection case id: CM-2018-01 product: Tuleap version 9.17.99.189 vulnerability type: Blind SQL injection - time based severity: High found:...
WPS Office 10.2.0.5978 - NULL DACL grants full access Vulnerability
Exploit for multiple platform in category local exploits ===== Tempest Security Intelligence - ADV-16/2018 === WPS Free Office 10.2.0.5978 - NULL DACL grants full access ------------------------------------------------------- Author: - Filipe Xavier Oliveira: filipe.xavier tempest.com.br =====...
Hola VPN 1.79.859 - Insecure service permissions Vulnerability
Exploit for windows platform in category local exploits ===== Tempest Security Intelligence - ADV-22/2018 === Hola VPN 1.79.859 - Insecure service permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: ===== Table of Contents...
Chrome 35.0.1916.153 - Sandbox Escape / Command Execution Exploit
Exploit for windows platform in category local exploits Sandbox escape Chrome exploit. Allows the execution of local binaries, read/write functions and exfiltration of Chrome OAuth tokens to remote server. More info: https://bugs.chromium.org/p/chromium/issues/detail?id=386988 Download:...
Microsoft Office - Composite Moniker Remote Code Execution Exploit
Exploit for windows platform in category local exploits What? This repo contains a Proof of Concept exploit for CVE-2017-8570, a.k.a the "Composite Moniker" vulnerability. This demonstrates using the Packager.dll trick to drop an sct file into the %TEMP% directory, and then execute it using the...
Bacula-Web < 8.0.0-rc2 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Multiple SQL injection vulnerabilities in Bacula-Web Date: 2018-03-07 Software Link: http://bacula-web.org/ Exploit Author: Gustavo Sorondo Contact: http://twitter.com/iampuky Website: http://cintainfinita.com/ CVE: CVE-2017-153...
Tor Browser ( Firefox 41 < 50 ) - Code Execution 0day Exploit
Exploit for windows platform in category local exploits TOR Browser 0day : JavaScript Exploit ! Works on Firefox versions 41 - 50 The critical vulnerability is believed to affect multiple Windows versions of the open source Firefox web browser as far back as Firefox version 41, and up to Firefox...
Broadcom BCM43xx Wi-Fi - BroadPWN Denial of Service Exploit
Exploit for Android platform in category dos / poc This Exploit allows arbitrary memory writes and reads. Running the specified payload within this package will write to the device's main CPU kernel, causing it to crash. More information about its origins here: http://boosterok.com/blog/broadpwn2...
Memcached 1.5.5 - Memcrashed Insufficient Control of Network Message Volume Denial of Service
Exploit for linux platform in category dos / poc Memcached 1.5.5 - 'Memcrashed ' Insufficient Control of Network Message Volume Denial of Service With Shodan API -- coding: utf8 -- !/usr/bin/python Download:...
Mozilla Firefox - Address Bar Spoofing Exploit
Exploit for multiple platform in category local exploits location=URL.createObjectURLnew Blob'Not Googleiflocation.href.indexOf"google"==-1location.pathname="https://www.google.com/"elsedocument.title="Google Search"', type: 'text/html' 0day.today 2018-03-28...
WebLog Expert Web Server Enterprise 9.4 Weak Permissions Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ======== www.weblogexpert.com Product: ======== WebLog Expert Web Server Enterprise v9.4 WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's...
WebLog Expert Web Server Enterprise 9.4 Denial Of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ======= www.weblogexpert.com Product: ========= WebLog Expert Web Server Enterprise v9.4 WebLog Expert is a fast and powerful access log analyzer. It will give you information about your site's visitors:...
Eclipse Equinoxe OSGi Console Command Execution Exploit
This Metasploit module exploits the Eclipse Equinoxe OSGi Open Service Gateway initiative console fork command to execute arbitrary commands on the remote system.. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework requi...
Magento User Info Cross Site Scripting Vulnerability
Magento suffers from user information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3. Advisory Title: Magento Multiple Stored Cross-Site Scripting Vulnerabilities Advisory URL:...
Magento Product Attributes Cross Site Scripting Vulnerability
Magento suffers from product attribute information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3. Advisory Title: Magento Stored Cross-Site Scripting a Product Attributes Advisory UR...
Magento Backups Cross Site Request Forgery Vulnerability
Magento Backups suffer from a cross site request forgery vulnerability. Versions affected include Magento Open Source prior to 1.9.3.8, Magento Commerce prior to 1.14.3.8, Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3. Advisory Title: Magento Backups...
Rapid Scada 5.5.0 Insecure Permissions Vulnerability
Exploit for windows platform in category local exploits Rapid Scada - 5.5.0 - Insecure Permissions ------------------------------------------------------- Author: - Filipe Xavier Oliveira: icacls SCADA SCADA BUILTIN\Administrators:IF BUILTIN\Administrators:IOICIIOF NT AUTHORITY\SYSTEM:IF NT...
Magento Downloadable Products Cross Site Scripting Vulnerability
Magento suffers from downloadable product information related cross site scripting vulnerabilities. Versions affected include Magento 2.0 prior to 2.0.18, Magento 2.1 prior to 2.1.12, and Magento 2.2 prior to 2.2.3. Advisory Title: Magento Stored Cross-Site Scripting a Downloadable Products...
Redaxo CMS Addon MyEvents 2.2.1 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Redaxo CMS Addon MyEvents SQL Injection Backend Exploit Author: h0n1gsp3cht Vendor Homepage: http://www.github.com/wende60/myevents Version: 2.2.1 Last Version Tested on: LinuxMint More: Login Required GET Vuln Code +...
antMan 0.9.0c - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: antMan and the password to a url-encoded linefeed %0a, we can force the authentication script to produce return values not anticipated by the developer. To exploit these defects, use a web proxy to intercept the login attempt an...
CloudMe Sync 1.9.2 Remote Buffer Overflow Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python CloudMe Sync 1.9.2 Remote Exploit Written by r00tpgp @ http://www.r00tpgp.com Usage: python CloudMe-1.9.2-Exploit.py Spawns reverse meterpreter LHOST=192.168.0.68 LPORT=1990 CVE: CVE-2018-6892 CloudMe Installer:...
Chrome V8 Out-Of-Bounds Read Exploit
Exploit for windows platform in category dos / poc Chrome: V8: Empty BytecodeJumpTable may lead to OOB read In the current implementation, the bytecode generator also emits empty jump tables...
Bravo Tejari Web Portal - Cross-Site Request Forgery Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Bravo Tejari Web Portal-CSRF CVE-ID: CVE-2018-7216 Vulnerability Type: Cross Site Request Forgery CSRF Vendor of Product: Tejari Affected Product Code Base: Bravo Solution Affected Component: Web Interface Management. Attac...
Chrome V8 JIT JSBuiltinReducer::ReduceObjectCreate NULL Check Fail Exploit
Exploit for multiple platform in category dos / poc Chrome: V8: JIT: JSBuiltinReducer::ReduceObjectCreate fails to ensure that the prototype is "null" I think this commit has introduced the bug. https://chromium.googlesource.com/v8/v8/+/ff7063c7d5d8ad8eafcce3da59e65d7fe2b4f915%5E%21/F2 According ...
Memcached - memcrashed Denial of Service Exploit
Exploit for linux platform in category dos / poc Written by Alex Conrey Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44254.zip This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public...
Chrome V8 JIT Optmization Bug Exploit
Chrome V8 JIT suffers from a simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug. Chrome: V8: JIT: Simplified-lowererer IrOpcode::kStoreField, IrOpcode::kStoreElement optimization bug I think this commit has introduced the bugs:...
Chrome V8 JIT GetSpecializationContext Type Confusion Exploit
Exploit for multiple platform in category dos / poc Chrome: V8: JIT: Type confusion in GetSpecializationContext PoC: function optarg = = arg let tmp = opt.x; // LdaNamedProperty for ;; arg; yield; function inner tmp; break; for let i = 0; i arg; this; , opt let tmp = arg.x; for ;; arg; yield; tmp...
Softros Network Time System Server 2.3.4 - Denial of Service Exploit
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ============= www.softros.com https://nts.softros.com/downloads/ Product: =========== Network Time System Server v2.3.4 Both x86/x64 versions Network Time System provides a solution to system time...
Tenda AC15 Router - Pe-authenticated Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python EDB Note Source: https://www.fidusinfosec.com/remote-code-execution-cve-2018-5767/ import urllib2 import struct import time import socket from optparse import import SimpleHTTPServer import SocketServer import threadin...
Sophos UTM 9.410 - (loginuser) (confd) Service Privilege Escalation Vulnerability
Exploit for linux platform in category local exploits Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Publication Date: 2018.03.02 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-007.txt 1. Vulnerability Details Affected Vendor: Sophos Affected...
Dup Scout Enterprise 10.5.12 - Share Username Local Buffer Overflow Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Dup Scout Enterprise 10.5.12 - Local Buffer Overflow Date: 02-22-2018 Vulnerable Software: Dup Scout Enterprise v10.5.12 Vendor Homepage: http://www.dupscout.com Version:...