39001 matches found
WordPress mgl-instagram-gallery Plugin Cross Site Scripting Vulnerability
Exploit for php platform in category web applications + Title: WordPress mgl-instagram-gallery Plugin Cross Site Scripting XSS + Author: Mostafa Gharzi + Vendor Homepage: www.Wordpress.org , www.pluginu.com/mgl-instagram-gallery/ + Tested on: Windows 10 & Kali Linux + Vulnerable File:...
Technicolor DPC3928SL - SNMP Authentication Bypass Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python -- coding: utf-8 -- StringBleed - CVE-2017-5135 author = "Nixawk" funcs = 'generatesnmpcommunitystr', 'generatesnmpprotopayload', 'sendsnmprequest', 'readsnmpcommunitystr', 'readsnmpvarbindstr', 'snmplogin',...
Netcore / Netis Routers - UDP Backdoor Exploit
Exploit for hardware platform in category remote exploits !/usr/bin/python -- coding: utf8 -- NETCORE / NETDIS UDP 53413 BACKDOOR https://netisscan.shadowserver.org/ http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/...
ServersCheck Monitoring Software Cross Site Scripting Vulnerability
ServersCheck Monitoring Software versions prior to 14.2.3 suffers from a cross site scripting vulnerability. Exploit Title: ServersCheck Monitoring Software before 14.2.3 Cross-site scripting vulnerability CVE: CVE-2017-17832 Date: 21-12-2017 Exploit Author: Aloyce J. Makalanga Contact:...
Oracle MySQL UDF Payload Execution Exploit
This Metasploit module creates and enables a custom UDF user defined function on the target host via the SELECT ... into DUMPFILE method of binary injection. On default Microsoft Windows installations of MySQL versions 5.5.9 and below, directory write permissions not enforced, and the MySQL servi...
Fortinet FortiGate 4.x < 5.0.7 - SSH Backdoor Exploit
Exploit for linux platform in category remote exploits !/usr/bin/env python SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 Usage: ./fgtsshbackdoor.py import socket import select import sys import paramiko from paramiko.py3compat import u import base64 import hashlib import termios import t...
Roommate And Real Estate Listing Classified Response 1.0 XSS Vulnerability
Roommate and Real Estate Listing Classified Response version 1.0 suffers from a cross site scripting vulnerability. Exploit Title: Roommate and Real Estate Listing Classified Responsive Web Application - Cross Site Scripting Google Dork: N/A Date: 2017/22/12 Exploit Author: ShanoWeb Author Mail :...
Ruby < 2.2.8 / < 2.3.5 / < 2.4.2 / < 2.5.0-preview1 - NET::Ftp Command Injection Exploit
Exploit for ruby platform in category local exploits While using NET::Ftp I realised you could get command execution through "malicious" file names. The problem lies in the gettextfileremotefile, localfile = File.basenameremotefile method. When looking at the source code, you'll note: def...
WordPress Grifus 4.0.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ====== Title: Grifus WordPress Themes XSS Vuln Version: 4.0.1 Homepage: https://mundothemes.com/grifus/ ======= Description ================ Grifus WordPress theme For movies Web POC: ======== 1. Go To Terget Web 2. Click Search box 3. Now Giv...
Conarc iChannel - Improper Access Restrictions Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Conarc iChannel - Unauthenticated Access/Default Webserver Misconfiguration allows for compromise of server Date: 2017-12-19 Exploit Author: Information Paradox CVE : CVE-2017-17759...
WordPress WebConnex Form Management 1.6.3 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable WebConnex Form Management 1.6.3 WebConnex Form Management is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this iss...
WordPress Itinerary 1.0.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Itinerary 1.0.0 Itinerary is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script...
WordPress Clean Up Optimizer 4.0.0 SQL Injection Vulnerability
WordPress Clean Up Optimizer plugin versions 4.0.0 and below suffer from a remote SQL injection vulnerability. Advisory Title: WordPress Clean Up Optimizer Plugin Security Vulnerability Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Clean Up Optimizer plugin Language:...
Samsung Internet Browser - SOP Bypass Exploit
Exploit for Android platform in category remote exploits This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of ...
TP-Link TL-SG108E XSS / Weak Access Control Vulnerability
TP-Link TL-SG108E with firmware 1.0.0 Build 20160722 Rel.50167 suffers from cross site scripting and weak access control vulnerabilities. Overview ------------- Three vulnerabilities have been discovered in the TP-Link TL-SG108E, firmware 1.0.0 Build 20160722 Rel.50167: CVE-2017-17745 - Cross Sit...
Ability Mail Server 3.3.2 - Cross-Site Scripting Exploit
Exploit for multiple platform in category web applications Exploit Title: Ability Mail Server 3.3.2 Persistent Cross Site Scripting XSS CVE: CVE-2017-17752 Date: 19-12-2017 Software Link: http://download.codecrafters.com/ams3.exe Exploit Author: Aloyce J. Makalanga Contact:...
WordPress Custom Map 1.1 Cross Site Scripting Vulnerability
WordPress Custom Map plugin version 1.1 suffers from a cross site scripting vulnerability. Product: Custom Map WordPress Plugin - https://wordpress.org/plugins/custom-map/ Vendor: webdesi9 Tested version: 1.1 CVE ID: CVE-2017-17744 CVE description A cross-site scripting XSS vulnerability in the...
WordPress CSV Import-Export 1.1 Cross Site Scripting Vulnerability
WordPress CSV Import-Export plugin version 1.1 suffers from a cross site scripting vulnerability. Product: CSV Import-Export Wordpress Plugin - https://wordpress.org/plugins/csv-import-export/ Vendor: eSparkBiz Tested version: 1.1 CVE ID: CVE-2017-17753 CVE description Multiple cross-site scripti...
Microsoft Windows 10 Hello Face Authentication Bypass Vulnerability
Microsoft Windows 10 offers a biometric authentication mechanism using "near infrared" face recognition technology with specific Windows Hello compatible cameras. Due to an insecure implementation of the biometric face recognition in some Windows 10 versions, it is possible to bypass the Windows...
WordPress Concours 1.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Product: WordPress Concours Plugin - https://wordpress.org/plugins/wp-concours/ Vendor: Olyos Tested version: 1.1 CVE ID: CVE-2017-17719 CVE description A cross-site scripting XSS vulnerability in the wp-concours plugin through 1.1 for WordPre...
WordPress Booking Calendar 7.0 / 7.1 SQL Injection / Local File Inclusion Vulnerabilities
WordPress Booking Calendar plugin versions 7.1, 7.0, and below suffer from remote SQL injection and local file inclusion vulnerabilities. Advisory Title: WordPress Booking Calendar Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Booking...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0...
Intel Content Protection HECI Service - Type Confusion Privilege Escalation Exploit
Exploit for windows platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1358 Intel Content Protection HECI Service Type Confusion EoP Platform: Tested on Windows 10, service version 9.0.2.117 Class: Elevation of Privilege Summary: The Intel Content...
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Chan
Exploit for windows platform in category local exploits --- A proof of concept injectable C++ DLL, that uses naked inline hooking and direct memory modification to change TeamViewer permissions. Features As the Server - Enables extra menu item options on the right side pop-up menu. Most useful so...
Microsoft Windows Kernel - NtQueryVirtualMemory(MemoryMappedFilenameInformation) Double-Write Ring-0
Exploit for windows platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1456 We have discovered that it is possible to disclose addresses of kernel-mode Paged Pool allocations via a race-condition in the implementation of the NtQueryVirtualMemory...
WordPress Yakadanda Google+ Hangout Events 0.3.7 XSS Vulnerability
WordPress Yakadanda Google+ Hangout Events plugin version 0.3.7 suffers from a cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable Yakadanda Google+ Hangout Events 0.3.7 Yakadanda Google+ Hangout Events is prone to a stored cross-site scripting vulnerability because it fails to...
WordPress Share This Image 1.03 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Credit Ricardo Sanchez Vulnerable Share This Image 1.03 Share This Image is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute...
Microsoft Windows Array.sort jscript.dll Heap Overflow Exploit
There is an heap overflow vulnerability in jscript.dll library used in IE, WPAD and other places. The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort. Windows: heap overflow in jscript.dll in Array.sort CVE-2017-11907 There is an heap overflow vulnerability in jscript.d...
Linksys WVBR0 - User-Agent Remote Command Injection Exploit
Exploit for hardware platform in category web applications -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ + Target is...
Tuleap 9.6 Second-Order PHP Object Injection Exploit
This Metasploit module exploits a Second-Order PHP Object Injection vulnerability in Tuleap 'Tuleap 9.6 Second-Order PHP Object Injection', 'Description' = %q This module exploits a Second-Order PHP Object Injection vulnerability in Tuleap = 9.6 which could be abused by authenticated users to...
Microsoft Windows jscript!RegExpFncObj::LastParen Out-Of-Bounds Read Exploit
Exploit for windows platform in category dos / poc Windows: out-of-bounds read in jscript!RegExpFncObj::LastParen CVE-2017-11906 There is an out-of-bounds read in jscript.dll library used in IE, WPAD and other places: PoC for IE note: page heap might be required to obsorve the crash:...
Microsoft Windows jscript!RegExpComp::Compile Heap Overflow Exploit
There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors. Windows: Heap overflow in jscript!RegExpComp::Compile through IE or local network via WPAD CVE-2017-11890 There is a heap overflow in jscript.dll when compiling a...
Microsoft Windows jscript!JsArraySlice Uninitialized Variable Exploit
Exploit for windows platform in category dos / poc Windows: Uninitialized variable in jscript!JsArraySlice CVE-2017-11855 There is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - By opening a malicious web page in...
Joomla NextGen Editor 2.1.0 Component - plname SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component NextGen Editor 2.1.0 - SQL Injection Dork: N/A Date: 19.12.2017 Vendor Homepage: hhttp://nextgeneditor.com/ Software Link: https://extensions.joomla.org/extension/nextgen-editor/ Software Download:...
Microsoft Internet Explorer 11 jscript!JSONStringifyObject Use-After-Free Exploit
There is a use-after-free in jscript.dll library that can be exploited in IE11. IE11: use-after-free in jscript!JSONStringifyObject CVE-2017-11793 There is a use-after-free in jscript.dll library that can be exploited in IE11. PoC: ========================================= var o1 = toJSON:functio...
BrightSign Digital Signage - Multiple Vulnerablities
Exploit for hardware platform in category web applications Exploit Title: BrightSign Digital Signage Multiple Vulnerabilities Date: 12/15/17 Exploit Author: email protected Vectors: XSS, Directory Traversal, File Modification, Information Leakage The BrightSign Digital Signage 4k242 device Firmwa...
Microsoft Windows jscript!NameTbl::GetValDef Use-After-Free Exploit
Exploit for windows platform in category dos / poc Windows: use-after-free in jscript!NameTbl::GetValDef CVE-2017-11903 There is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors: - An attacker on the local network could exploit this...
Jenkins XStream Groovy classpath Deserialization Exploit
This Metasploit module exploits CVE-2016-0792 a vulnerability in Jenkins versions older than 1.650 and Jenkins LTS versions older than 1.642.2 which is caused by unsafe deserialization in XStream with Groovy in the classpath, which allows remote arbitrary code execution. The issue affects default...
CDex 1.96 - Buffer Overflow Exploit
Exploit for windows platform in category dos / poc !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: CDex 1.96 - Local Stack Buffer Overflow Date: 17-12-2017 Vulnerable Software: CDex 1.96 Unicode Build Vendor Homepage: http://cdex.mu/ Version: v1.96 Software Link:...
Joomla User Bench 1.0 Component - userid SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component User Bench 1.0 - SQL Injection Dork: N/A Date: 18.12.2017 Vendor Homepage: http://www.gegabyte.org/ Software Link:...
Linux kernel < 4.10.15 - Race Condition Privilege Escalation Exploit
Exploit for linux platform in category local exploits PoC for CVE-2017-10661, triggers UAF with KASan enabled in kernel 4.10 / include include include include include include include include include include include include include include include include include define RACETIME 1000000 int fd; in...
Joomla Guru Pro Component - promocode SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component Guru Pro 'promocode'- SQL Injection Dork: N/A Date: 17.12.2017 Vendor Homepage: https://www.ijoomla.com/ Software Link:...
Joomla JB Visa 1.0 Component - visatype SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JB Visa 1.0 - SQL Injection Dork: N/A Date: 17.12.2017 Vendor Homepage: http://joombooking.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-visa/...
GoAhead httpd 2.5 < 3.6.5 - LD_PRELOAD Remote Code Execution Exploit
Exploit for linux platform in category remote exploits !/usr/bin/python GoAhead httpd/2.5 to 3.6.5 LDPRELOAD remote code execution exploit EDB Note: Payloads https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/43360.zip EDB Note: Source...
Outlook for Android - Attachment Download Directory Traversal Exploit
Exploit for Android platform in category remote exploits ''' There is a directory traversal issue in attachment downloads in Outlook for Android. There is no path sanitization on the attachment filename in the app. If the email account is a Hotmail account, this will be sanitized by the server, b...
Joomla My Projects 2.0 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component My Projects 2.0 - SQL Injection Dork: N/A Date: 18.12.2017 Vendor Homepage: http://www.gegabyte.org/ Software Link:...
Zoom Linux Client 2.0.106600.0904 Command Injection Vulnerability
The binary /opt/zoom/ZoomLauncher is vulnerable to command injection because it uses user input to construct a shell command without proper sanitization. The client registers a scheme handler zoommtg:// and this makes possible to trigger the vulnerability remotely. Version 2.0.106600.0904 is...
Zoom Linux Client 2.0.106600.0904 Buffer Overflow Vulnerability
The binary /opt/zoom/ZoomLauncher is vulnerable to a buffer overflow because it concatenates a overly long user input to a stack variable without checking if the destination buffer is long enough to hold the data. The binary also has important security features like canary turned off. The client...
WordPress Sagepay Server Gateway For WooCommerce 1.0.7 XSS Vulnerability
WordPress Sagepay Server Gateway For WooCommerce plugin version 1.0.7 suffers from a persistent cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable SagePay Server Gateway for WooCommerce 1.0.7 SagePay Server Gateway for WooCommerce is prone to a stored cross-site scripting...
WordPress Placemarks 2.0.0 Cross Site Scripting Vulnerability
WordPress Placemarks plugin version 2.0.0 suffers from a persistent cross site scripting vulnerability. Credit Ricardo Sanchez Vulnerable Placemarks 2.0.0 Placemarks is prone to a stored cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker m...