Lucene search
K

39001 matches found

0day.today
0day.today
added 2018/01/07 12:0 a.m.35 views

Linux/x86 chmod 777 /etc/sudoers Shellcode (36 bytes)

/ Description ; Title : chmod 777 /etc/sudoers - Shellcode ; Author : Hashim Jawad ; Website : ihack4falafel.com ; Twitter : @ihack4falafel ; SLAE ID : SLAE-1115 ; Purpose : chmod /etc/sudoers permissions ; OS : Linux ; Arch : x86 ; Size : 36 bytes chmod.nasm global start section .text start: ;...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.40 views

Joomla JHotelReservation 6.0.5 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla JHotelReservation 6.0.5 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.cmsjunkie.com/joomlahotelreservation URL:...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.41 views

Joomla Ad Agency 6.0.9 SQL Injection Vulnerability

Exploit for php platform in category web applications Document Title: =============== iJoomla comadagency 6.0.9 - SQL Injection Vulnerabilities Product & Service Introduction: =============================== Ad Agency is the 1 advertising extension for Joomla! Start generating income from your...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.24 views

Joomla Real Estate 1.5 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla! CMS Real Estate 1.5 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.cms-realestate.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/ Product: 'Joomla! CMS Real...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.105 views

Ayukov NFTP FTP Client 2.0 - Buffer Overflow Exploit

Exploit for windows platform in category remote exploits...

7.5CVSS9.2AI score0.60328EPSS
Exploits16
0day.today
0day.today
added 2018/01/07 12:0 a.m.22 views

Joomla vRestaurant 1.9.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla! vRestaurant 1.9.4 - SQL injection Credit: Bilal KARDADOU Vendor: https://www.wdmtech.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/vrestaurant/ Product: 'Joomla! vRestaurant 1.9.4'...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.45 views

AMD PSP fTPM Remote Code Execution Vulnerability

AMD PSP suffers from an fTPM remote code execution vulnerability that can be performed through a crafted EK certificate. Introduction ============ AMD PSP 1 is a dedicated security processor built onto the main CPU die. ARM TrustZone provides an isolated execution environment for sensitive and...

0.5AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.467 views

Cisco IOS - Remote Code Execution Exploit

Exploit for hardware platform in category remote exploits !/usr/bin/env python if False: ''' CVE-2017-6736 / cisco-sa-20170629-snmp Cisco IOS remote code execution =================== This repository contains Proof-Of-Concept code for exploiting remote code execution vulnerability in SNMP service...

9CVSS0.70559EPSS
Exploits8
0day.today
0day.today
added 2018/01/07 12:0 a.m.38 views

Joomla JMultipleHotelReservation 6.0.5 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla JMultipleHotelReservation 6.0.5 - SQL injection Credit: Bilal KARDADOU Vendor: http://www.cmsjunkie.com/joomla-hotel-portal URL:...

0.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.30 views

Joomla J-BusinessDirectory 4.7.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla J-BusinessDirectory 4.7.3 -SQL injection Credit: Bilal KARDADOU Vendor: http://www.cmsjunkie.com/j-business-directory URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/j-businessdirectory...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.51 views

BarcodeWiz ActiveX Control Buffer Overflow Vulnerability

Exploit for windows platform in category dos / poc + Credits: John Page aka hyp3rlinx Vendor: ================= www.barcodewiz.com Product: ============= BarcodeWiz ActiveX Control 6.7 BarCodeWiz OnLabel. Generates dynamic barcodes from your imported Excel, CSV, or Access files. Print auto...

6.8CVSS8.7AI score0.03914EPSS
Exploits6
0day.today
0day.today
added 2018/01/07 12:0 a.m.35 views

Joomla JUX Real Estate 3.3.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla! JUX Real Estate 3.3.0 - SQL injection Credit: Bilal KARDADOU Vendor: https://joomlaux.com URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jux-real-estate/ Product: 'Joomla! JUX Real Estate...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.46 views

WordPress WpJobBoard 4.4.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Document Title: =============== WpJobBoard v4.4.4 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== WPJobBoard is bundled with 15+ shortcodes, allowing you to easily build completely uniqu...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.32 views

Western Digital WDMyCloud mydlinkBRionyg Backdoor Exploit

This Metasploit module exploits two issues. The first issue is that there is a hard coded backdoor within WDMyCloud devices. Using this backdoor access we can then reach buggy code which is vulnerable to command injection. A root shell will be spawned upon successful exploitation. This module...

7.5AI score
Exploits0
0day.today
0day.today
added 2018/01/07 12:0 a.m.45 views

Gespage 7.4.8 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications CVE-2017-7998 Gespage stored cross-site-scripting XSS vulnerability Description Gespage is web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent ...

6.5AI score0.0199EPSS
Exploits3
0day.today
0day.today
added 2018/01/07 12:0 a.m.55 views

Icyphoenix 2.2.0.105 SQL Injection Vulnerability

Exploit for php platform in category web applications Document Title: =============== Icyphoenix 2.2.0.105 - Multiple SQL Injection Vulnerabilities Product & Service Introduction: =============================== Icy Phoenix is a CMS based on phpBB engine a fully scalable and highly customisable...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/01/06 12:0 a.m.33 views

GetGo Download Manager 5.3.0.2712 - Proxy Buffer Overflow Exploit

Exploit for windows platform in category dos / poc Exploit Title: Buffer overflow vulnerability in GetGo Download Manager proxy options 5.3.0.2712 Date: 01-02-2018 Tested on Windows 8 64 bits Exploit Author: devcoinfet Contact: https://twitter.com/wabefet Software Link:...

7AI score
Exploits0
0day.today
0day.today
added 2018/01/06 12:0 a.m.49 views

gps-server.net GPS Tracking Software < 3.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your payload doesn't...

7.5CVSS0.1AI score0.06946EPSS
Exploits6
0day.today
0day.today
added 2018/01/06 12:0 a.m.121 views

Microsoft Windows win32k - Using SetClassLong to Switch Between CS_CLASSDC and CS_OWNDC Corrupts DC

Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1389&desc=6 Windows maintains a DC cache in win32kbase!gpDispInfo-pdceFirst. If you create multiple windows from a shared class while switching between CSOWNDC and CSCLASSDC, you c...

4.4CVSS6.1AI score0.15023EPSS
Exploits1
0day.today
0day.today
added 2018/01/06 12:0 a.m.25 views

Linux/x86 - Reverse TCP /bin/sh Shell (127.1.1.1:8888/TCP) Null-Free Shellcode (67/69 bytes)

/ Title: Linux/x86 - Reverse TCP Shell /bin/sh 127.1.1.1:8888/TCP Null-Free Shellcode 69 bytes Description: Smallest /bin/sh Reverse TCP ShellcodeNull Free, No Register Pollution Required Date : 4/Jan/2018 Author: Nipun Jaswal @nipunjaswal ; SLAE-1080 Details: Smallest /bin/sh based Null & Regist...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/01/06 12:0 a.m.53 views

VMware Workstation - ALSA Config File Local Privilege Escalation Exploit

This Metasploit module exploits a vulnerability in VMware Workstation Pro and Player on Linux which allows users to escalate their privileges by using an ALSA configuration file to load and execute a shared object as root when launching a virtual machine with an attached sound card. This Metasplo...

7.2CVSS7.6AI score0.05413EPSS
Exploits11
0day.today
0day.today
added 2018/01/06 12:0 a.m.51 views

Gespage 7.4.8 - SQL Injection Exploit

Exploit for jsp platform in category web applications CVE-2017-7997 Gespage SQL Injection vulnerability Description Gespage is a web solution providing a printer portal. Official Website: http://www.gespage.com/ The web application does not properly filter several parameters sent by users, allowi...

9.2AI score0.1934EPSS
Exploits5
0day.today
0day.today
added 2018/01/05 12:0 a.m.50 views

SonicWall SonicOS NSA UTM Firewall - Bypass & Persistent Vulnerability

Exploit for cgi platform in category web applications Document Title: =============== SonicWall SonicOS NSA - Bypass & Persistent Vulnerability Product & Service Introduction: =============================== Achieve a deeper level of security with the SonicWALL Network Security Appliance NSA Seri...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/05 12:0 a.m.490 views

Wowonder CMS - Privilege Escalation Vulnerability

Exploit for php platform in category web applications Today I will explain an exploit of Privilege Escalation in Wowonder CMS. First we need firefox v56.0.2 or earlier and then download hackbar: https://addons.mozilla.org/es/firefox/addon/hackbar/ Note: If the bar does not appear, press F9 to mak...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/04 12:0 a.m.214 views

Multiple CPUs - Spectre Information Disclosure (PoC) Exploit

Exploit for multiple platform in category local exploits include include include ifdef MSCVER include / for rdtscp and clflush / pragma optimize"gt",on else include / for rdtscp and clflush / endif / Victim code. / unsigned int array1size = 16; uint8t unused164; uint8t array1160 =...

4.7CVSS6.8AI score0.93838EPSS
Exploits12
0day.today
0day.today
added 2018/01/04 12:0 a.m.110 views

Xplico Remote Code Execution Exploit

This Metasploit module exploits a command injection vulnerability in Xplico. Unauthenticated users can register a new account and then execute a terminal command under the context of the root user. This module requires Metasploit: https://metasploit.com/download Current source:...

9CVSS0.1AI score0.80098EPSS
Exploits7
0day.today
0day.today
added 2018/01/04 12:0 a.m.27 views

Kingsoft Antivirus / Internet Security 9+ - Privilege Escalation Exploit

Exploit for windows platform in category local exploits """ Kingsoft Antivirus/Internet Security 9+ Kernel Stack Buffer Overflow Privilege Escalation Vulnerability Anti-Virus: http://www.kingsoft.co/downloads/kav/KAV100720ENUDOWN33102010.rar Internet Security:...

0.3AI score
Exploits0
0day.today
0day.today
added 2018/01/04 12:0 a.m.44 views

Iopsys Router - dhcp Remote Code Execution

Exploit for hardware platform in category remote exploits !/usr/bin/python import json import sys import subprocess import socket import os from time import sleep from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header =...

9CVSS8.7AI score0.11075EPSS
Exploits5
0day.today
0day.today
added 2018/01/04 12:0 a.m.211 views

Linksys WVBR0-25 User-Agent Command Execution Exploit

The Linksys WVBR0-25 Wireless Video Bridge, used by DirecTV to connect wireless Genie cable boxes to the Genie DVR, is vulnerable to OS command injection in versions prior to 1.0.41 of the web management portal via the User-Agent header. Authentication is not required to exploit this vulnerabilit...

10CVSS9.6AI score0.87929EPSS
Exploits9
0day.today
0day.today
added 2018/01/03 12:0 a.m.168 views

b2evolution CMS 6.8.10 PHP Code Execution Vulnerability

Exploit for php platform in category web applications b2evolution CMS 6.6.0 - 6.8.10 PHP code execution Information =========== Name: b2evolution CMS 6.8.10 Software: b2evolution CMS Homepage: http://b2evolution.net/ Vulnerability: PHP code execution Prerequisites: publicly accessible /install...

7.2CVSS7.1AI score0.02388EPSS
Exploits9
0day.today
0day.today
added 2018/01/03 12:0 a.m.23 views

Joomla VP Conversion Tracking 1.7 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: VP Conversion Tracking Plugin - SQL Injection Vulnerability Google Dork: N/A Date: 02.01.2018 Author: Abde Ouabala @AbdeOuabala url : https://www.virtueplanet.com/extensions/vp-conversion-tracking Version : 1.7 Tested on: BackBo...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/01/03 12:0 a.m.35 views

D-Link DSL-6850U Multiple Vulnerabilities

Exploit for hardware platform in category web applications Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in D-Link DSL-6850U versions BZ1.00.01 – BZ1.00.09. D-Link DSL-6850U is a router “manufactured by D-Link for Bezeq in Israel” The vulnerabilities found...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/03 12:0 a.m.45 views

EMC xPression 4.5SP1 Patch 13 SQL Injection Vulnerability

Exploit for multiple platform in category web applications Title: EMC xDashboard - SQL Injection Vulnerability Author: Pawel Gocyla Date: 02 January 2018 CVE: CVE-2017-14960 Affected Software: ================== EMC xPression v4.5SP1 Patch 13 Probably other versions are also vulnerable. SQL...

5CVSS7.6AI score0.03737EPSS
Exploits5
0day.today
0day.today
added 2018/01/03 12:0 a.m.62 views

Joomla VehicleManager 3.9.15 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla VehicleManager 3.9.15 - SQL injection Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/ Product: 'Joomla VehicleManager...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/03 12:0 a.m.58 views

Joomla EXP Auto 4.2.3 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla EXP Auto 4.2.3 - SQL Injection Credit: Bilal KARDADOU Vendor: http://www.feellove.eu/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/exp-auto/ Product: 'Joomla EXP Auto 4.2.3' Developer: Grusha...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/03 12:0 a.m.58 views

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS Vulnerabilities

Samsung Internet Browser version 6.2.01.12 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS...

6.3AI score0.00942EPSS
Exploits2
0day.today
0day.today
added 2018/01/03 12:0 a.m.33 views

Joomla RealEstateManager 4.2.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla RealEstateManager 4.2.0 - SQL injection Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/realestatemanager/ Product: 'Joomla RealEstateManage...

0.2AI score
Exploits0
0day.today
0day.today
added 2018/01/03 12:0 a.m.59 views

Joomla Advertisement Board Classifieds 3.2.0 Shell Upload Vulnerability

Exploit for php platform in category web applications Title: Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability Credit: Bilal KARDADOU Vendor: http://ordasoft.com/ URL: http://ordasoft.com/advertisement-board-joomla-classifieds-extension Product:...

7.4AI score
Exploits0
0day.today
0day.today
added 2018/01/03 12:0 a.m.108 views

Atlassian Bamboo Code Execution / Argument Injection Vulnerabilities

Exploit for php platform in category web applications Atlassian Bamboo Code Execution / Argument Injection Vulnerabilities CVE ID: CVE-2017-14589. CVE-2017-14590. Product: Bamboo. Affected Bamboo product versions: version = 6.2.0 but less than 6.2.5 the fixed version for 6.2.x please upgrade your...

9CVSS0.4AI score0.02405EPSS
Exploits1
0day.today
0day.today
added 2018/01/03 12:0 a.m.112 views

WordPress Smart Google Code Inserter Plugin < 3.5 - Authentication Bypass / SQL Injection

Exploit for php platform in category web applications Exploit Title: Smart Google Code Inserter 3.5 - Auth Bypass/SQLi Google Dork: inurl:wp-content/plugins/smart-google-code-inserter/ Date: 26-Nov-17 Exploit Author: Benjamin Lim Vendor Homepage: http://oturia.com/ Software Link:...

7.5CVSS0.4AI score0.91477EPSS
Exploits6
0day.today
0day.today
added 2018/01/02 12:0 a.m.60 views

Linux Kernel < 4.4.0-83 / < 4.8.0-58 (Ubuntu 14.04/16.04) - Privilege Escalation Exploit

Linux Kernel 4.4.0-83 / 4.8.0-58 Ubuntu 14.04/16.04 - Local Privilege Escalation KASLR / SMEP // A proof-of-concept local root exploit for CVE-2017-1000112. // Includes KASLR and SMEP bypasses. No SMAP bypass. // Tested on Ubuntu trusty 4.4.0- and Ubuntu xenial 4-8-0- kernels. // // Usage: //...

6CVSS0.8AI score0.20797EPSS
Exploits24
0day.today
0day.today
added 2018/01/02 12:0 a.m.44 views

PHP Melody 2.7.1 - playlist SQL Injection Vulnerability

Exploit for php platform in category web applications...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/02 12:0 a.m.48 views

Apple macOS - IOHIDSystem Kernel Read/Write Exploit

Exploit for macOS platform in category dos / poc Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid...

7AI score
Exploits0
0day.today
0day.today
added 2018/01/02 12:0 a.m.39 views

Huawei HG532 Router - Arbitrary Command Execution Exploit

Exploit for hardware platform in category web applications import threading, sys, time, random, socket, re, os, struct, array, requests from requests.auth import HTTPDigestAuth ips = opensys.argv1, "r".readlines cmd = "" Your MIPS SSHD rm = "\n \n \n $" + cmd + "\n$echo HUAWEIUPNP\n\n \n " class...

7.1AI score
Exploits0
0day.today
0day.today
added 2018/01/02 12:0 a.m.22 views

D3DGear 5.00 Build 2175 - Buffer Overflow Exploit

Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: D3DGear 5.00 Build 2175 - Buffer Overflow Date: 07-11-2017 Vulnerable Software: D3DGear 5.00 Build 2175 Vendor Homepage: http://www.d3dgear.com/ Version: 5.00 Build 2175 Software...

7AI score
Exploits0
0day.today
0day.today
added 2018/01/02 12:0 a.m.44 views

Joomla JomDirectory 4.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla JomDirectory 4.4 - SQL Injection Credit: Bilal KARDADOU Vendor: http://comdev.eu/jomdirectory/ URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/jomdirectory/ Product: 'Joomla JomDirector...

Exploits0
0day.today
0day.today
added 2017/12/30 12:0 a.m.38 views

Locations Multipurpose CMS Directory Theme 1.0 Cross Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Locations - Multipurpose CMS Directory Theme - xss Google Dork: N/A Date: 2017/27/12 Exploit Author: ShanoWeb Author Mail : MrdotNet2NetatGmaildotcom Vendor Homepage: https://themerig.com Software Buy:...

7.1AI score
Exploits0
0day.today
0day.today
added 2017/12/30 12:0 a.m.30 views

Joomla Varista Education 2.9 SQL Injection Vulnerability

Joomla Varista Education template version 2.9 suffers from a remote SQL injection vulnerability. Exploit Title: Varista Education Joomla Template - SQL Injection Vulnerability Google Dork: N/A Date: 30.12.2017 Author: Abdeljalil Nouiri @pwny url : https://www.joomshaper.com/joomla-templates/varsi...

0.5AI score
Exploits0
0day.today
0day.today
added 2017/12/30 12:0 a.m.33 views

Joomla Jtag Minicart 4.1.0 SQL Injection Vulnerability

Exploit for php platform in category web applications Title: Joomla Jtag Minicart 4.1.0 - SQL injection Credit: Bilal KARDADOU Vendor: https://joomlatag.com URL: https://extensions.joomla.org/extensions/extension/e-commerce/shopping-cart/jtag-minicart/ Product: 'Joomla Jtag Minicart 4.1.0'...

7.1AI score
Exploits0
0day.today
0day.today
added 2017/12/30 12:0 a.m.33 views

Joomla SP Movie Database 1.4 SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: SP Movie Database - SQL Injection Vulnerability Google Dork: inurl:option=comspmoviedb Date: 29.12.2017 Author: pwny Source Component : https://extensions.joomla.org/extension/sp-movie-database/ Version : 1.4 Tested on: Kali Lin...

0.1AI score
Exploits0
Total number of security vulnerabilities39001