39001 matches found
Joomla K2 2.8.0 Component - Arbitrary File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component K2 2.8.0 - Arbitrary File Download Dork: N/A Date: 26.02.2018 Vendor Homepage: http://www.joomlaworks.net/ Software Link:...
Microsoft Windows 8.1/2012 R2 - SMB Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: Microsoft Windows SMB Client Null Pointer Dereference Denial of Service Exploit Author: Nabeel Ahmed Version: SMBv3 Tested on: Windows 8.1 x86, Windows Server 2012 R2 x64 CVE : CVE-2018-0833 import SocketServer from binascii import...
Chrome V8 PropertyArray Integer Overflow Exploit
Exploit for multiple platform in category dos / poc Chrome: V8: Integer overflow with PropertyArray There's a snippet of the MigrateFastToFast function which is used to create a new PropertyArray object. int numberoffields = newmap-NumberOfFields; int inobject = newmap-GetInObjectProperties; int...
GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GetGo Download Manager 5.3.0.2712 - Remote Buffer Overflow SEH Date: 02-24-2018 Vulnerable Software: GetGo Download Manager 5.3.0.2712 Vendor Homepage:...
Microsoft Edge Chakra JIT CallRegExSymbolFunction Return Check Fail Exploit
Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: JIT: CallRegExSymbolFunction doesn't check the return type The "CallRegExSymbolFunction" method is used to call symbol functions in regexp objects. But it doesn't check the return value's type. Since the user can define th...
Asterisk 15.2.0 chan_pjsip SDP fmtp Denial Of Service Exploit
Asterisk version 15.2.0 running chanpjsip suffers from an SDP message related denial of service vulnerability. Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip -...
Chrome V8 TranslatedState::MaterializeCapturedObjectAt Caching Bug Exploit
Exploit for multiple platform in category dos / poc Chrome: V8: TranslatedState::MaterializeCapturedObjectAt caching bug Here'a snippet of TranslatedState::MaterializeCapturedObjectAt. case JSSETKEYVALUEITERATORTYPE: case JSSETVALUEITERATORTYPE: Handle object = Handle::cast...
Asterisk 15.2.0 chan_pjsip SDP Media Format Denial Of Service Exploit
Asterisk running chanpjsip suffers from an SDP message related denial of service vulnerability. Versions affected include 13.10.0, 15.1.3, 15.1.4, 15.1.5, and 15.2.0. Segmentation fault occurs in Asterisk with an invalid SDP media format description - Authors: - Alfred Farrugia - Sandro Gauci -...
Sony Playstation 4 (PS4) 4.55 - bpf Local Kernel (PoC) Exploit
Exploit for hardware platform in category local exploits function stage4 function mallocsz var backing = new Uint8Array1000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x1000+sz4;...
Asterisk 15.2.0 chan_pjsip SUBSCRIBE Stack Corruption Exploit
Asterisk running chanpjsip suffers from a SUBSCRIBE message stack corruption vulnerability. Vulnerable versions include 15.2.0, 13.19.0, 14.7.5, and 13.11.2. SUBSCRIBE message with a large Accept value causes stack corruption - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version...
Schools Alert Management Script 2.0.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - 2.0.2 - Authentication Bypass Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: W...
CMS Made Simple 2.1.6 Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Versio...
Audio Cutter Software - Code Injection Vulnerability
Exploit for windows platform in category dos / poc Technical Details: ================= Vulnerability Title: Audio Cutter Software - Code Injection Vulnerability Tool Name: Weeny Audio Cutter Software v1.5 Critical Level: High Author: Ajay Gowtham aka AJOXR Blackhat forums Type: Software Security...
Disk Savvy Enterprise 10.4.18 Buffer Ovreflow Exploit
This Metasploit module exploits a stack-based buffer overflow vulnerability in Disk Savvy Enterprise version 10.4.18, caused by improper bounds checking of the request sent to the built-in server. This Metasploit module has been tested successfully on Windows 7 SP1 x86. This module requires...
Groupon Clone Script 3.0.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Slickdeals/DealNews/Groupon Clone Script 3.0.2 – Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Category: Web Application Exploit Author:...
AsusWRT LAN Unauthenticated Remote Code Execution Exploit
The HTTP server in AsusWRT has a flaw where it allows an unauthenticated client to perform a POST in certain cases. This can be combined with another vulnerability in the VPN configuration upload routine that sets NVRAM configuration variables directly from the POST request to enable a special...
CloudMe Sync 1.10.9 Buffer Overflow Exploit
This Metasploit module exploits a stack-based buffer overflow vulnerability in the CloudMe Sync version 1.10.9 client application. This Metasploit module has been tested successfully on Windows 7 SP1 x86. This module requires Metasploit: https://metasploit.com/download Current source:...
Groupon Clone Script 3.0.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Slickdeals/DealNews/Groupon Clone Script 3.0.2 – Stored XSS Date: 09.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Category: Web Application...
Alibaba Clone Script 1.0.2 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Alibaba Clone Script 1.0.2 – Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/alibaba-clone/ Category: Web Application Exploit Author: Prasenjit Kanti Paul Web:...
Trend Micro Email Encryption Gateway 5.5 (Build 1111.00) - Multiple Vulnerabilities
Exploit for jsp platform in category web applications Trend Micro Email Encryption Gateway Multiple Vulnerabilities 1. Advisory Information Title: Trend Micro Email Encryption Gateway Multiple Vulnerabilities Advisory ID: CORE-2017-0006 Advisory URL:...
Joomla CheckList 1.1.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component CheckList 1.1.1 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Version:...
Learning and Examination Management System - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Learning and Examination Management System Script 2.3.1 – Stored XSS Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/learning-examination-management-system/ Category: Web...
Joomla Ek Rishta 2.9 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Ek Rishta 2.9 - SQL Injection Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Version: 2.9 Categor...
Joomla Proclaim 9.1.1 Component - Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Vendor Homepage: https://www.christianwebministries.org/ Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/ Software Download:...
Armadito Antivirus 0.12.7.2 - Detection Bypass Vulnerability
Exploit for windows platform in category local exploits / Title: Armadito Antivirus - Malware Detection Bypass Date: 21/02/2018 Author: Souhail Hammou Author's website: http://rce4fun.blogspot.com Vendor Homepage: http://www.teclib-edition.com/en/ Version: 0.12.7.2 CVE: CVE-2018-7289 Details:...
Joomla Alexandria Book Library 3.1.2 Component - letter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Alexandria Book Library 3.1.2 - SQL Injection Vendor Homepage: https://alexandriabooklibrary.org/ Software Link:...
Joomla PrayerCenter 3.0.2 Component - sessionid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component PrayerCenter 3.0.2 - SQL Injection Vendor Homepage: http://www.mlwebtechnologies.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/religion/prayercenter/ Software Download:...
Joomla Proclaim 9.1.1 Component - Backup File Download Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Proclaim 9.1.1 - Backup Download Vendor Homepage: https://www.christianwebministries.org/ Software Link: https://extensions.joomla.org/extensions/extension/living/religion/proclaim/ Software Download:...
Joomla OS Property Real Estate 3.12.7 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection Vendor Homepage: https://www.joomdonation.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/os-property/ Version:...
Joomla CW Tags 2.0.6 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component CW Tags 2.0.6 - SQL Injection Vendor Homepage: http://www.cwjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/search-a-indexing/tags-a-clouds/cw-tags/ Version: 2.0.6 Category: Webapp...
NoMachine x64 < 6.0.80 - nxfuse Privilege Escalation Exploit
Exploit for windows platform in category local exploits from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3...
NoMachine x86 < 6.0.80 - nxfuse Privilege Escalation Exploit
Exploit for windows platform in category local exploits include “stdafx.h” include define DEVICE L”\\.\nxfs-709fd562-36b5-48c6-9952-302da6218061″ define DEVICE2 L”\\.\nxfs-net-709fd562-36b5-48c6-9952-302da6218061709fd562-36b5-48c6-9952-302da6218061” define IOCTL 0x00222014 define IOCTL2...
Yab Quarx 2.4.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. Introduction Vendor : Yab Affected Product : Quarx through 2.4.3 Fixed in : Quarx 2.4.5 and 2.4.6 Vendor Website : https://quarxcms.com/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7274 2...
EChat Server 3.1 - CHAT.ghp Buffer Overflow Exploit
Exploit for windows platform in category remote exploits Exploit Author: Juan Sacco Vulnerability found using Exploit Pack v10 - http://exploitpack.com Impact: An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will...
Radiant CMS 1.1.4 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications 1. Introduction Vendor : Radiant Affected Product : Radiant CMS 1.1.4 Fixed in : NA Vendor Website : http://radiantcms.org/ Vulnerability Type : Persistent XSS Remote Exploitable : Yes CVE External Identifier : CVE-2018-7261 2. Overview...
Disk Savvy Enterprise 10.4.18 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category remote exploits Exploit Title: Disk Savvy Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Exploit Author: Daniel Teixeira Vendor Homepage: http://www.disksavvy.com/ Software Link:...
Disk Pulse Enterprise 10.4.18 - Import Command Buffer Overflow (SEH) Exploit
Exploit for windows platform in category remote exploits !/usr/bin/env python Exploit Title: Disk Pulse Enterprise v10.4.18 - 'Import Command' Buffer Overflow SEH Date: 2018-01-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.diskpulse.com...
Wavpack 5.1.0 - Denial of Service Exploit
Exploit for multiple platform in category dos / poc Exploit title: Wavpack 5.1.0 - Denial of Service Date: 20.02.2018 Exploit Author: r4xis https://github.com/r4xis Vendor Homepage: http://www.wavpack.com/ Software Links: http://www.wavpack.com/downloads.html https://github.com/dbry/WavPack...
Microsoft Windows - NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior E
Exploit for windows platform in category local exploits Windows: NPFS Symlink Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Platform: Windows 10 1709 functionality not present prior to this version Class: Security Feature Bypass/Elevation of Privilege/Dangerous Behavior Summar...
Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation
Exploit for windows platform in category local exploits Windows: StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation EoP Platform: Windows 10 1709 not tested earlier versions Class: Elevation of Privilege Summary: The SvcMoveFileInheritSecurity RPC method in StorSvc can be used to move an...
Microsoft Internet Explorer 11 - Js::RegexHelper::RegexReplace Use-After-Free Exploit
Exploit for windows platform in category dos / poc...
Microsoft Windows - Constrained Impersonation Capability Privilege Escalation Exploit
Exploit for windows platform in category local exploits Windows: Constrained Impersonation Capability EoP Platform: Windows 10 1703/1709 not tested earlier versions Class: Elevation of Privilege Summary: It’s possible to use the constrained impersonation capability added in Windows 10 to...
MagniComp SysInfo - mcsiwrapper Privilege Escalation Exploit
Exploit for multiple platform in category local exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MagniComp SysInfo mcsiwrapper Privilege Escalation', 'Description' = %q This module...
Kentico CMS 11 Arbitrary Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Kentico CMS version 9 through 11 - Arbitrary Code Execution Software Link: https://www.kentico.com Exploit Author: Keerati T. CVE: CVE-2018-7046 Category: webapps 1. Description Kentico is the only fully integrated ASP.NET CMS,...
Aastra 6755i SIP SP4 - Denial of Service Vulnerability
Exploit for hardware platform in category dos / poc Exploit Title: Aastra 6755i SIP SP4 | Unauthorized Remote Reboot Date: 17/02/2018 Exploit Author: Wadeek Hardware Version: 6755i Firmware Version: 3.3.1.4053 SP4 Vendor Homepage: http://www.aastra.sg/ Firmware Link:...
Linux/ARM - Bind TCP (4444/TCP) Shell (/bin/sh) + IP Controlled (192.168.1.190) + Null-Free Shellcod
/ Title: Linux/ARM - IP Controlled Bind Shell TCP /bin/sh. Null free shellcode 168 bytes Date: 2018-02-17 Tested: armv7l Raspberry Pi v3 and armv6l Raspberry Pi Zero W Author: rtmcx - twitter: @rtmcx Description: The shellcode will only allow the connection to execute the shell if originating fro...
utorrent - JSON-RPC Remote Code Execution / Information Disclosure Vulnerabilities
Exploit for multiple platform in category remote exploits By default, utorrent create an HTTP RPC server on port 10000 uTorrent classic or 19575 uTorrent web. There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest. To be clear, visiting any...
Microsoft Windows Kernel - nt!RtlpCopyLegacyContextX86 Stack Memory Disclosure Exploit
Exploit for windows platform in category dos / poc / We have discovered a new Windows kernel memory disclosure vulnerability in the creation and copying of a CONTEXT structure to user-mode memory. Two previous bugs in the nearby code area were reported in issues 1177 and 1311 ; in fact, the probl...
October CMS < 1.0.431 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: October CMS Stored Code Injection Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://octobercms.com/ Version: All versions till date from...
Kentico CMS 11 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Kentico CMS version 9 through 11 - Cross-Site Scripting Reflect Software Link: https://www.kentico.com Exploit Author: Keerati T. CVE: CVE-2018-7205 Category: webapps 1. Description Kentico is the only fully integrated ASP.NET...