39001 matches found
Linux/x86 chmod 777 /etc/sudoers Shellcode (36 bytes)
/ Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissions ; OS : Linux ; Arch : x86 ; Size : 36 bytes chmod.nasm global start section .text start: ;...
Joomla JHotelReservation 6.0.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla JHotelReservation 6.0.5 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.cmsjunkie.com/joomlahotelreservation URL:...
Joomla Ad Agency 6.0.9 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== iJoomla comadagency 6.0.9 - SQL Injection Vulnerabilities Product & Service Introduction: =============================== Ad Agency is the 1 advertising extension for Joomla! Start generating income from your...
Joomla Real Estate 1.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla! CMS Real Estate 1.5 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.cms-realestate.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/ Product: 'Joomla! CMS Real...
Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits...
Joomla vRestaurant 1.9.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla! vRestaurant 1.9.4 - SQL injection Credit: Bilal KARDADOU Vendor: https://www.wdmtech.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/vrestaurant/ Product: 'Joomla! vRestaurant 1.9.4'...
AMD PSP fTPM Remote Code Execution Vulnerability
AMD PSP suffers from an fTPM remote code execution vulnerability that can be performed through a crafted EK certificate. Introduction ============ AMD PSP 1 is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isolated execution environment for sensitive and...
Cisco IOS - Remote Code Execution Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...
Joomla JMultipleHotelReservation 6.0.5 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla JMultipleHotelReservation 6.0.5 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.cmsjunkie.com/joomla-hotel-portal URL:...
Joomla J-BusinessDirectory 4.7.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla J-BusinessDirectory 4.7.3 -SQL injection Credit: Bilal KARDADOU Vendor: http://www.cmsjunkie.com/j-business-directory URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/j-businessdirectory...
BarcodeWiz ActiveX Control Buffer Overflow Vulnerability
Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ================= www.barcodewiz.com Product: ============= BarcodeWiz ActiveX Control 6.7 BarCodeWiz OnLabel. Generates dynamic barcodes from your imported Excel, CSV, or Access files. Print auto...
Joomla JUX Real Estate 3.3.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla! JUX Real Estate 3.3.0 - SQL injection Credit: Bilal KARDADOU Vendor: https://joomlaux.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jux-real-estate/ Product: 'Joomla! JUX Real Estate...
WordPress WpJobBoard 4.4.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== WPJobBoard is bundled with 15+ shortcodes, allowing you to easily build completely uniqu...
Western Digital WDMyCloud mydlinkBRionyg Backdoor Exploit
This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation. This module...
Gespage 7.4.8 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications CVE-2017-7998 Gespage stored cross-site-scripting XSS vulnerability Description Gespage is web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent ...
Icyphoenix 2.2.0.105 SQL Injection Vulnerability
Exploit for php platform in category web applications Document Title: =============== Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== Icy Phoenix is a CMS based on phpBB engine a fully scalable and highly customisable...
GetGo Download Manager 5.3.0.2712 - Proxy Buffer Overflow Exploit
Exploit for windows platform in category dos / poc Exploit Title: Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712 Date: 01-02-2018 Tested on Windows 8 64 bits Exploit Author: devcoinfet Contact: https://twitter.com/wabefet Software Link:...
gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...
Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1389&desc=6 Windows maintains a DC cache in win32kbase!gpDispInfo-pdceFirst. If you create multiple windows from a shared class while switching between CSOWNDC and CSCLASSDC, you c...
Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)
/ Title: Linux/x86 - Reverse TCP Shell /bin/sh 127.1.1.1:8888/TCP Null-Free Shellcode 69 bytes Description: Smallest /bin/sh Reverse TCP ShellcodeNull Free, No Register Pollution Required Date : 4/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: Smallest /bin/sh based Null & Regist...
VMware Workstation - ALSA Config File Local Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This Metasplo...
Gespage 7.4.8 - SQL Injection Exploit
Exploit for jsp platform in category web applications CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowi...
SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability
Exploit for cgi platform in category web applications Document Title: =============== SonicWall SonicOS NSA - Bypass & Persistent Vulnerability Product & Service Introduction: =============================== Achieve a deeper level of security with the SonicWALL Network Security Appliance NSA Seri...
Wowonder CMS - Privilege Escalation Vulnerability
Exploit for php platform in category web applications Today I will explain an exploit of Privilege Escalation in Wowonder CMS. First we need firefox v56.0.2 or earlier and then download hackbar: https://addons.mozilla.org/es/firefox/addon/hackbar/ Note: If the bar does not appear, press F9 to mak...
Multiple CPUs - Spectre Information Disclosure (PoC) Exploit
Exploit for multiple platform in category local exploits include include include ifdef MSCVER include / for rdtscp and clflush / pragma optimize"gt",on else include / for rdtscp and clflush / endif / Victim code. / unsigned int array1size = 16; uint8t unused164; uint8t array1160 =...
Xplico Remote Code Execution Exploit
This Metasploit module exploits a command injection vulnerability in Xplico. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. This module requires Metasploit: https://metasploit.com/download Current source:...
Kingsoft Antivirus / Internet Security 9+ - Privilege Escalation Exploit
Exploit for windows platform in category local exploits """ Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720ENUDOWN33102010.rar Internet Security:...
Iopsys Router - dhcp Remote Code Execution
Exploit for hardware platform in category remote exploits !/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header =...
Linksys WVBR0-25 User-Agent Command Execution Exploit
The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerabilit...
b2evolution CMS 6.8.10 PHP Code Execution Vulnerability
Exploit for php platform in category web applications b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install...
Joomla VP Conversion Tracking 1.7 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: VP Conversion Tracking Plugin - SQL Injection Vulnerability Google Dork: N/A Date: 02.01.2018 Author: Abde Ouabala @AbdeOuabala url : https://www.virtueplanet.com/extensions/vp-conversion-tracking Version : 1.7 Tested on: BackBo...
D-Link DSL-6850U Multiple Vulnerabilities
Exploit for hardware platform in category web applications Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in D-Link DSL-6850U versions BZ1.00.01 – BZ1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel” The vulnerabilities found...
EMC xPression 4.5SP1 Patch 13 SQL Injection Vulnerability
Exploit for multiple platform in category web applications Title: EMC xDashboard - SQL Injection Vulnerability Author: Pawel Gocyla Date: 02 January 2018 CVE: CVE-2017-14960 Affected Software: ================== EMC xPression v4.5SP1 Patch 13 Probably other versions are also vulnerable. SQL...
Joomla VehicleManager 3.9.15 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla VehicleManager 3.9.15 - SQL injection Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/ Product: 'Joomla VehicleManager...
Joomla EXP Auto 4.2.3 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla EXP Auto 4.2.3 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.feellove.eu/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/exp-auto/ Product: 'Joomla EXP Auto 4.2.3' Developer: Grusha...
Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS Vulnerabilities
Samsung Internet Browser version 6.2.01.12 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS...
Joomla RealEstateManager 4.2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla RealEstateManager 4.2.0 - SQL injection Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/realestatemanager/ Product: 'Joomla RealEstateManage...
Joomla Advertisement Board Classifieds 3.2.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Title: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: http://ordasoft.com/advertisement-board-joomla-classifieds-extension Product:...
Atlassian Bamboo Code Execution / Argument Injection Vulnerabilities
Exploit for php platform in category web applications Atlassian Bamboo Code Execution / Argument Injection Vulnerabilities CVE ID: CVE-2017-14589. CVE-2017-14590. Product: Bamboo. Affected Bamboo product versions: version = 6.2.0 but less than 6.2.5 the fixed version for 6.2.x please upgrade your...
WordPress Smart Google Code Inserter Plugin < 3.5 - Authentication Bypass / SQL Injection
Exploit for php platform in category web applications Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/ Software Link:...
Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Privilege Escalation Exploit
Linux Kernel 4.4.0-83 / 4.8.0-58 Ubuntu 14.04/16.04 - Local Privilege Escalation KASLR / SMEP // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0- and Ubuntu xenial 4-8-0- kernels. // // Usage: //...
PHP Melody 2.7.1 - playlist SQL Injection Vulnerability
Exploit for php platform in category web applications...
Apple macOS - IOHIDSystem Kernel Read/Write Exploit
Exploit for macOS platform in category dos / poc Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid...
Huawei HG532 Router - Arbitrary Command Execution Exploit
Exploit for hardware platform in category web applications import threading, sys, time, random, socket, re, os, struct, array, requests from requests.auth import HTTPDigestAuth ips = opensys.argv1, "r".readlines cmd = "" Your MIPS SSHD rm = "\n \n \n $" + cmd + "\n$echo HUAWEIUPNP\n\n \n " class...
D3DGear 5.00 Build 2175 - Buffer Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: D3DGear 5.00 Build 2175 - Buffer Overflow Date: 07-11-2017 Vulnerable Software: D3DGear 5.00 Build 2175 Vendor Homepage: http://www.d3dgear.com/ Version: 5.00 Build 2175 Software...
Joomla JomDirectory 4.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla JomDirectory 4.4 - SQL Injection Credit: Bilal KARDADOU Vendor: http://comdev.eu/jomdirectory/ URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/jomdirectory/ Product: 'Joomla JomDirector...
Locations Multipurpose CMS Directory Theme 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Locations - Multipurpose CMS Directory Theme - xss Google Dork: N/A Date: 2017/27/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://themerig.com Software Buy:...
Joomla Varista Education 2.9 SQL Injection Vulnerability
Joomla Varista Education template version 2.9 suffers from a remote SQL injection vulnerability. Exploit Title: Varista Education Joomla Template - SQL Injection Vulnerability Google Dork: N/A Date: 30.12.2017 Author: Abdeljalil Nouiri @pwny url : https://www.joomshaper.com/joomla-templates/varsi...
Joomla Jtag Minicart 4.1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Title: Joomla Jtag Minicart 4.1.0 - SQL injection Credit: Bilal KARDADOU Vendor: https://joomlatag.com URL: https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/jtag-minicart/ Product: 'Joomla Jtag Minicart 4.1.0'...
Joomla SP Movie Database 1.4 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SP Movie Database - SQL Injection Vulnerability Google Dork: inurl:option=comspmoviedb Date: 29.12.2017 Author: pwny Source Component : https://extensions.joomla.org/extension/sp-movie-database/ Version : 1.4 Tested on: Kali Lin...