39001 matches found
Joomla Joomanager 2.0.0 Component - com_Joomanager Arbitrary File Download Exploit
Exploit for php platform in category web applications !/usr/bin/python2 -- coding:utf-8 -- ''' GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright C 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it ...
Suricata < 4.0.4 - IDS Detection Bypass Vulnerability
Exploit for multiple platform in category dos / poc ----------------------------------------------------- Vulnerability Type: Detection Bypass Affected Product: Suricata Vulnerable version: SYN Seq=0 Ack= 0 - Evil Server Client ACK Seq=1 Ack= 84 - Evil Server Client - PSH, ACK Seq=1 Ack= 84 - Evi...
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit
Exploit for windows platform in category local exploits !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original Advisory:...
Papenmeier WiFi Baby Monitor Free & Lite < 2.02.2 - Remote Audio Record Exploit
Exploit for Android platform in category remote exploits Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite the free version of WiFi Baby Monitor. Although the premium version offered users the ability to...
ClipBucket < 4.0.0 - Release 4902 - Command Injection / File Upload / SQL Injection Vulnerabiliti
Exploit for php platform in category web applications ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product: ClipBucket vulnerable version: 4.0.0 - Release 4902 fixed version: 4.0.0 - Release 4902 CVE...
NETGEAR Magic telnetd Enabler Exploit
This Metasploit module sends a magic packet to a NETGEAR device to enable telnetd. Upon successful connect, a root shell should be presented to the user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Samsung Display Solutions Application For Android Content Injection Vulnerability
Samsung Display Solutions Application for Android did not use encryption SSL for information transmission, thus allowing a man-in-the-middle attacker to inject their own content into the application. The vendor fixed this issue and users should install the latest version 3.02 or above. Original...
VideoLAN VLC Media Player 2.2.5 EphemeralCockroach Heap Overflow Exploit
Exploit for windows platform in category dos / poc ================================================== Date: 02/28/2018 Title: VideoLAN VLC Media Player = 2.2.5 'EphemeralCockroach' Heap Overflow CVE: CVE-2017-8311 Exploit and Writeup: Patrick Z. SivertPL email protected Vulnerability discovery:...
Parallels Remote Application Server 15.5 Path Traversal Vulnerability
Exploit for windows platform in category web applications Exploit Title: Parallels Remote Application Server RAS 15.5 Path Traversal Date: 22-02-2018 Exploit Author: Nicolas Markitanis - RUNESEC Reviewers: Simon Loizides and Marios Nicolaides - RUNESEC Vendor Homepage: https://www.parallels.com/...
Apple macOS Sierra 10.12.1 - IOFireWireFamily FireWire Port Denial of Service Exploit
Exploit for macOS platform in category dos / poc / IOFireWireFamily-overflow.c Brandon Azad Buffer overflow reachable from IOFireWireUserClient::localConfigDirectoryPublish. Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44235.zip / include...
Sony Playstation 4 (PS4) - NamedObj 4.05 Kernel Exploit Writeup Vulnerability
Exploit for hardware platform in category dos / poc Table of Contents - Table of Contents - Introduction - Changes since 1.76 - Stage 1 - Information Disclosure Helpful information Vector systhrgetucontext Implementation + Thread Creation + Thread Suspension + Setup Function + Leak! + kASLR Defea...
Apple macOS Sierra 10.12.1 - physmem Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits physmem physmem is a physical memory inspection tool and local privilege escalation targeting macOS up through 10.12.1. It exploits either CVE-2016-1825 or CVE-2016-7617 depending on the deployment target. These two vulnerabilities are nearly...
Apple OS X Yosemite - flow_divert-heap-overflow Kernel Panic Exploit
Exploit for macOS platform in category dos / poc / flowdivert-heap-overflow.c Brandon Azad CVE-2016-1827: Kernel heap overflow in the function flowdiverthandleappmapcreate on OS X and iOS. Exploitation requires root privileges. The vulnerability was patched in OS X El Capitan 10.11.5 and iOS 9.3....
Sony Playstation 4 (PS4) - 4.0x WebKit Exploit Writeup Vulnerability
Exploit for hardware platform in category dos / poc Breaking down qwertyoruiopz's 4.0x userland exploit Edit: qwertyoruiopz tweeted at me helping me understand the bug better and I've corrected it. Not too long ago qwertyoruiopz released a functional and surprisingly stable exploit for 4.0x...
Apple macOS Sierra 10.12.3 - IOFireWireFamily-null-deref FireWire Port Denial of Service Exploit
Exploit for macOS platform in category dos / poc / IOFireWireFamily-null-deref.c Brandon Azad NULL pointer dereference in IOFireWireUserClient::setAsyncRefIsochChannelForceStop. Download: https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/44236.zip / include...
Apple macOS HighSierra 10.13 - ctl_ctloutput-leak Information Leak Exploit
Exploit for macOS platform in category local exploits / ctlctloutput-leak.c Brandon Azad CVE-2017-13868 While looking through the source code of XNU version 4570.1.46, I noticed that the function ctlctloutput in the file bsd/kern/kerncontrol.c does not check the return value of sooptcopyin, which...
OTRS Authenticated Command Injection Exploit
Exploit for multiple platform in category remote exploits Exploit Title: OTRS Authenticated Command Injection Exploit Author: Ali BawazeEer Vendor Homepage: https://www.otrs.com/ Software Link: http://ftp.otrs.org/pub/otrs/ Version:5.0.2, 5.0.0 - 5.0.24, 6.0.0 - 6.0.1 Tested on: OTRS 5.0.2/CentOS...
Sony Playstation 4 (PS4) - NamedObj Kernel Exploit Overview Vulnerability
Exploit for hardware platform in category dos / poc Introduction So fail0verflow released a writeup today on the namedobj exploit. I and a few others have had this exploit for some time but did not release as we received help indirectly from f0f, so it was not entirely ours to release. Now that i...
Apple OS X 10.10.5 - rootsh Local Privilege Escalation Exploit
Exploit for macOS platform in category local exploits rootsh rootsh is a local privilege escalation targeting OS X Yosemite 10.10.5 build 14F27. It exploits CVE-2016-1758 and CVE-2016-1828, two vulnerabilities in XNU that were patched in OS X El Capitan 10.11.4 and 10.11.5. rootsh will not work o...
Sony Playstation 4 (PS4) - WebKit setAttributeNodeNS User After Free Vulnerability
Exploit for hardware platform in category dos / poc Note: While I exploited this bug on the PS4, this bug can also be exploited on other unpatched platforms. As such, I've published it under the "WebKit" folder and not the "PS4" folder. Introduction In around October of 2017, a few others as well...
D-Link DIR-600M Wireless - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: D-Link DIR-600M Wireless - Persistent Cross Site Scripting Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=DIR-600M Category: Hardware Exploit Author: Prasenjit Kanti Paul Web:...
Joomla 3.7 - SQL Injection Vulnerability
Exploit for php platform in category web applications --==Mannu joomla SQL Injection exploiter by Team Indishell==-- body font-family: Tahoma; color: white; background: 333333; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDE...
uWSGI < 2.0.17 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: uWSGI PHP Plugin Directory Traversal Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://uwsgi-docs.readthedocs.io Affected Software: uWSGI PHP Plugin...
Posnic Stock Management System - SQL Injection Exploit
Exploit for php platform in category web applications --==IndiSh3LL==-- body font-family: Tahoma; color: white; background: 444444; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight 2px outset;...
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution Vulnerability
Exploit for php platform in category remote exploits Title: TestLink Open Source Test Management comment out skip-networking as well as bind-addre...
WordPress Polls 1.2.4 Plugin - SQL Injection (PoC) Exploit
Exploit for php platform in category web applications Exploit Title :WordPress Polls plugin1.2.4 SQL Injection vulnerability Vulnerable version:Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip //////////////////////// /// Overview: //////////////////////// WordPress...
IrfanView 4.44 Email Plugin - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: IrfanView 4.44 Email PlugIn - Local Buffer Overflow SEH Date: 02-07-2018 Vulnerable Software: IrfanView 4.44 Email PlugIn Vendor Homepage: http://www.irfanview.com/ Version:...
IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode) Exploit
Exploit for windows platform in category local exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: IrfanView 4.50 Email PlugIn - Local Buffer Overflow SEH Unicode Date: 02-07-2018 Vulnerable Software: IrfanView 4.50 Email PlugIn Vendor Homepage: http://www.irfanview.com/...
DualDesk 20 - Proxy.exe Denial of Service Vulnerability
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: =============== www.dualdesk.com Product: =========== DualDesk v20 DualDesk is powerful, easy to use remote support software that is a one-time purchase and lets your technical support staff remote assis...
SEGGER embOS/IP FTP Server 3.22 - Denial of Service Vulnerability
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ============= www.segger.com Product: =========== embOS/IP FTP Server v3.22 Vulnerability Type: =================== FTP Commands Denial Of Service CVE Reference: ============== CVE-2018-7449 Security...
Linux Kernel _sctp_make_chunk() Denial Of Service Vulnerability
Secunia Research has discovered a vulnerability in Linux Kernel, which can be exploited by malicious, local users to cause a DoS Denial of Service. An error in the "sctpmakechunk" function net/sctp/smmakechunk.c when handling SCTP packets length can be exploited to cause a kernel crash. The...
Linux Kernel - BadIRET Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits CVE-2014-9322 PoC for Linux kernel CVE-2014-9322 a.k.a BadIRET proof of concept for Linux kernel. This PoC uses only syscalls not any libraries, like pthread. Threads are implemented using raw Linux syscalls. Raw Linux Threads via System Calls...
Sony Playstation 4 (PS4) 1.76 - dlclose Linux Loader Exploit
Exploit for hardware platform in category local exploits / Code written based on info available here http://cturt.github.io/dlclose-overflow.html See attached LICENCE file Thanks to CTurt and qwertyoruiop - @kr105rlz Download:...
FreeBSD Kernel (FreeBSD 10.2 < 10.3 x64) - SETFKEY (PoC) Exploit
Exploit for freebsd platform in category dos / poc / Code written based on info available here http://cturt.github.io/dlclose-overflow.html See attached LICENCE file Thanks to CTurt and qwertyoruiop - @kr105rlz Download:...
WebKitGTK 2.1.2 (Ubuntu 14.04) - Heap based Buffer Overflow Exploit
Exploit for linux platform in category local exploits CVE-2014-1303 PoC for Linux CVE-2014-1303 WebKit Heap based BOF proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability CVE-2014-1303 on Linux. NOTE: Original exploit is written for Mac OS X...
Nintendo Switch - WebKit Code Execution (PoC) Exploit
Exploit for hardware platform in category dos / poc CVE-2016-4657 Switch PoC body font-size: 2em; a text-decoration: none; color: 000; a:hover color: f00; font-weight: bold; CVE-2016-4657 Nintendo Switch PoC go! reload waiting... click go. // display JS errors as alerts. Helps debugging...
FreeBSD Kernel (FreeBSD 10.2 x64) - sendmsg Kernel Heap Overflow (PoC) Exploit
Exploit for freebsd platform in category dos / poc include include include include include include include include include include void atagetxportvoid; int kprintfconst char fmt, ...; char ostype; void resolvechar name struct kldsymlookup ksym; ksym.version = sizeofksym; ksym.symname = name;...
Sony Playstation 4 (PS4) 5.01 - WebKit (PoC) Exploit
Exploit for hardware platform in category dos / poc PS4 5.01 WebKit Exploit PoC =========================== Based on: - CVE-2017-7005 - PegaSwitch Copyright 2017 ReSwitched Team - 4.0x exploit by qwertyoruiopz This exploit supports 5.01 maybe others! Installation ============ 1. Install the lates...
TestLink Open Source Test Management Insecure Direct Object Reference Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Insecure Direct Object Reference product: TestLink Open Source Test Management vulnerable version: 1.9.17 fixed version: 1.9.17 after November 2017, and the current...
Routers2 2.24 - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Routers2 2.24 - Reflected Cross-Site Scripting Date: 18-01-18 Vendor Homepage: http://www.steveshipway.org/software/ Software Link: https://github.com/sshipway/routers2 Version: 2.24 CVE: CVE-2018-6193 Platform: Perl...
AxxonSoft Axxon Next Directory Traversal Vulnerability
Exploit for windows platform in category remote exploits Title AxxonSoft Axxon Next - AxxonSoft Client Directory Traversal via an initial /css//..%2f substring in a URI. CVE-2018-7467 Vulnerability Type Directory Traversal via an initial /css//..%2f substring in a URI Vendor of Product AxxonSoft...
ClipBucket SQL Injection / Command Injection / File Upload Vulnerabilities
ClipBucket versions prior to 4.0.0 Release 4902 suffer from OS command injection, arbitrary file upload, and remote SQL injection vulnerabilities. ======================================================================= title: OS command injection, arbitrary file upload & SQL injection product:...
Apple iOS 11.2.5 / watchOS 4.2.2 / tvOS 11.2.5 - bluetoothd Memory Corruption Exploit
Exploit for iOS platform in category dos / poc // // main.m // bluetoothdPoC // // Created by Rani Idan. // Copyright © 2018 zLabs. All rights reserved. // import "AppDelegate.h" include extern kernreturnt bootstraplookupmachportt bs, const char servicename, machportt service; / When hijacking...
Concrete5 < 8.3.0 - Username / Comments Enumeration Exploit
Exploit for php platform in category web applications !/usr/bin/env python3 Concrete5 8.3 vulnerable to Authorization Bypass Through User-Controlled Key IDOR CVE-2017-18195 Chapman R3naissance Schleiss from queue import Queue from threading import Thread from bs4 import BeautifulSoup from tabulat...
Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / bpf Kernel Loader 4.55) Exploit
Exploit for hardware platform in category remote exploits PS4 4.55 Kernel Exploit --- Summary In this project you will find a full implementation of the "bpf" kernel exploit for the PlayStation 4 on 4.55. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level...
ActivePDF Toolkit < 8.1.0.19023 - Multiple Memory Corruptions Exploit
Exploit for windows platform in category dos / poc ActivePDF Toolkit 8.1.0 multiple RCE Introduction ============ The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native APIs are...
School Management Script 3.0.4 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4. Exploit Author: Samiran Santra Vendor Homepage: https://www.phpscriptsmall.com Software Link: https://www.phpscriptsmall.com/product/school-management-syst...
MyBB My Arcade Plugin 1.3 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: MyBB My Arcade Plugin v1.3 - Persistent XSS Date: 2/21/2018 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=411 Version: 1.3 Tested on:...
Transmission Torrent Parsing Integer Overflows Exploit
Exploit for multiple platform in category dos / poc transmission: various integer overflow parsing torrent files I took a look at torrent file parsing in libtransmission, there are a few integer overflows because the trnew/trnew0 allocation wrappers don't handle overflow. define trnewstructtype,...
Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service Exploit
Asterisk running chanpjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0. Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci -...