macOS Dirty Cow Arbitrary File Write Local Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'macOS Dirty Cow Arbitrary File Write Local Privilege Escalation', 'Description' = %q An app may be able to execute arbitrary code with kernel...
Lenovo Diagnostics Driver Memory Access Exploit
This Metasploit module demonstrates how an incorrect access control for the Lenovo Diagnostics Driver allows a low-privileged user the ability to issue device IOCTLs to perform arbitrary physical/virtual memory reads and writes. This module requires Metasploit: https://metasploit.com/download...
F5 Big-IP Create Administrative User Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'unixcrypt' class MetasploitModule 'F5 Big-IP Create Admin User', 'Description' = %q This creates a local user with a username/password and root-level privileges...
Hikvision Remote Code Execution / XSS / SQL Injection Vulnerabilities
Some Hikvision Hybrid SAN products were vulnerable to multiple remote code execution command injection vulnerabilities, including reflected cross site scripting, Ruby code injection, classic and blind SQL injection resulting in remote code execution that allows an adversary to execute arbitrary...
Online Eyewear Shop 1.0 SQL Injection Vulnerability
Exploit Title: Online Eyewear Shop 1.0 - Product detail 'id' SQL Injection Unauthenticated Exploit Author: Muhammad Navaid Zafar Ansari Vendor Homepage: https://www.sourcecodester.com/php/16089/online-eyewear-shop-website-using-php-and-mysql-free-download.html Software Link:...
vmwgfx Driver File Descriptor Handling Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vmwgfx Driver File Descriptor Handling Priv Esc', 'Description' = %q If the vmwgfx driver fails to copy the 'fencerep' object to userland, it tri...
io_uring Same Type Object Reuse Privilege Escalation Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'io_uring Same Type Object Reuse Priv Esc', 'Description' = %q This module exploits a bug in io_uring leading to an additional put_cred that can be...
Control Web Panel Unauthenticated Remote Command Execution Exploit
Control Web Panel versions prior to 0.9.8.1147 are vulnerable to unauthenticated OS command injection. Successful exploitation results in code execution as the root user. The results of the command are not contained within the HTTP response and the request will block while the command is running...
Zstore 6.6.0 Cross Site Scripting Vulnerability
Title: zstore-6.6.0 - XSS-Reflected Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of manual insertion...
Micro Focus GroupWise Session ID Disclosure Vulnerability
Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the...
Razer Synapse 3.7.0731.072516 Local Privilege Escalation Vulnerability
Product: Razer Synapse Manufacturer: Razer Inc. Affected Versions: Versions before 3.7.0830.081906 Tested Versions: 3.7.0731.072516 Vulnerability Type: Improper Certificate Validation CWE-295 Risk Level: High Solution Status: Open Manufacturer Notification: 2022-08-02 Solution Date: 2022-09-06...
Secure Web Gateway 10.2.11 Cross Site Scripting Vulnerability
Secure Web Gateway version 10.2.11 suffers from a cross site scripting vulnerability. RedTeam Pentesting identified a vulnerability which allows attackers to craft URLs to any third-party website that result in arbitrary content to be injected into the response when accessed through the Secure We...
Cacti 1.2.22 Command Injection Exploit
This Metasploit module exploits an unauthenticated command injection vulnerability in Cacti versions through 1.2.22 in order to achieve unauthenticated remote code execution as the www-data user. This module requires Metasploit: https://metasploit.com/download Current source:...
Solaris 10 dtprintinfo Local Privilege Escalation Exploit
Solaris 10 CDE local privilege escalation exploit that achieves root by injecting a fake printer via lpstat and uses a buffer overflow in libXM ParseColors. / raptordtprintlibXmas.c - Solaris 10 CDE ForeverDay LPE Copyright c 2023 Marco Ivaldi "What has been will be again, what has been done will...
wolfSSL 5.5.2 WOLFSSL_CALLBACKS Heap Buffer Over-Read Vulnerability
wolfSSL before 5.5.2: Heap-buffer over-read with WOLFSSL_CALLBACKS ==================================================================== INFO ======= The CVE project has assigned the id CVE-2022-42905 to this issue. Severity: 9.1 CRITICAL Affected version: before 5.5.2 End of embargo: Ended October...
ASKEY RTF3505VW-N1 Privilege Escalation Vulnerability
Exploit Title: ASKEY RTF3505VW-N1 - Privilege escalation Exploit Author: Leonardo Nicolas Servalli Vendor Homepage: www.askey.com Platform: ASKEY router devices RTF3505VW-N1 Tested on: Firmware BRSVg000R3505VMN1001s327 Vulnerability analysis:...
NetChess 2.1 Buffer Overflow Exploit
Exploit Title: NetChess2.1 Buffer Overflow SEH Exploit Author: Ugur Eminli Vendor Homepage: https://sourceforge.net/projects/avmnetchess/ Software Link: https://sourceforge.net/projects/avmnetchess/ Version: 2.1 Tested on: WinXP SP2 Build 2600 !/usr/bin/perl my $file= "exploit.pgn"; my $junk=...
wolfSSL 5.3.0 Denial Of Service Vulnerability
In wolfSSL version 5.3.0, man-in-the-middle attackers or a malicious server can crash TLS 1.2 clients during a handshake. If an attacker injects a large ticket above 256 bytes into a NewSessionTicket message in a TLS 1.2 handshake, and the client has a non-empty session cache, the session cache...
wolfSSL 5.5.0 Session Resumption Denial Of Service Vulnerability
wolfSSL versions prior to 5.5.0 suffer from a denial of service condition related to session resumption. When a TLS 1.3 client connects to a wolfSSL server and SSL_clear is called on its session, the server crashes with a segmentation fault. The bug occurs after a client performs a handshake again...
OpenText Extended ECM 22.3 cs.exe Remote Code Execution Vulnerability
======================================================================= title: Pre-authenticated Remote Code Execution in cs.exe product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 20.4 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45923 impact: Critical...
OpenText Extended ECM 22.3 Java Frontend Remote Code Execution Vulnerability
======================================================================= title: Pre-authenticated Remote Code Execution via Java frontend and QDS endpoint product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 20.4 - 22.3 fixed version: 22.4 CVE number:...
OpenText Extended ECM 22.3 File Deletion / LFI / Privilege Escalation Vulnerabilities
======================================================================= title: Multiple post-authentication vulnerabilities including RCE product: OpenText™ Content Server component of OpenText™ Extended ECM vulnerable version: 16.2.2 - 22.3 fixed version: 22.4 CVE number: CVE-2022-45924,...
Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability
Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root. Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm...
Ivanti Cloud Services Appliance (CSA) Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the Ivanti Cloud Services Appliance CSA for Ivanti Endpoint Manager. A cookie based code injection vulnerability in the Cloud Services Appliance before 4.6.0-512 allows an unauthenticated user to execute arbitrary code with...
SLIMS 9.5.2 Cross Site Scripting Vulnerability
Title: SLIMS-9.5.2 - XSS Reflected - Account Exploit Development: nu11secur1ty Vendor: https://slims.web.id/web/ Software: https://github.com/slims/slims9bulian/releases/tag/v9.5.2 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/slims.web.id/SLIMS-9.5.2 Description:...
Zstore 6.5.4 Cross Site Scripting Vulnerability
Title: zstore-6.5.4 - XSS-Reflected Development: nu11secur1ty Vendor: https://zippy.com.ua/ Software: https://github.com/leon-mbs/zstore/releases/tag/6.5.4 Reproduce: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/zippy/zstore-6.5.4 Description: The value of manual insertion...
Chrome JSNativeContextSpecialization::BuildElementAccess Bypass Exploit
Chrome: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess VULNERABILITY DETAILS Copy-on-write is one of V8's internal optimization features that allows multiple JavaScript objects to share the same element store. This feature is primarily used to optimize creation of...
Citrix Workspace App For Linux 2212 Credential Leak Vulnerability
The Citrix Linux client emits its session credentials when starting a Citrix session. These credentials end up being recorded in the client's system log. Citrix does not consider this to be a security vulnerability. Citrix Workspace App for Linux version 2212 is affected. Citrix Linux client...
LISTSERV 17 Insecure Direct Object Reference Vulnerability
Exploit Title: LISTSERV 17 - Insecure Direct Object Reference IDOR Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-40319 Steps to replicate 1. Create two accounts on your LISTSERV 17 installation, logging into each one in ...
LISTSERV 17 Cross Site Scripting Vulnerability
Exploit Title: LISTSERV 17 - Reflected Cross Site Scripting XSS Exploit Author: Shaunt D Vendor Homepage: https://www.lsoft.com/ Version: 17 Tested on: Windows Server 2019 CVE : CVE-2022-39195 A reflected cross-site scripting XSS vulnerability in the LISTSERV 17 web interface allows remote...
MP3 Convert Lord V1.0 Local Seh Exploit
Exploit Title: MP3 Convert Lord V1.0 Local Seh Exploit Date: 06.01.2023 Vendor Homepage: http://www.avlord.com/ Software Link: https://www.softpedia.com/dyn-postdownload.php/baa965c6b5d22d62987a4638f33d5ec1/63b86eb2/3ecb/4/2 Exploit Author: Achilles Tested Version: 1.0 Tested on: Windows 7 x64 1....
WebKit CSSCrossfadeValue::crossfadeChanged Use-After-Free Vulnerability
WebKit: Use-after-free of RenderMathMLToken in CSSCrossfadeValue::crossfadeChanged There is a use-after-free of a RenderMathMLToken object in CSSCrossfadeValue::crossfadeChanged. CSSCrossfadeValue extends CSSImageGeneratorValue. CSSImageGeneratorValue keeps a HashCountedSet of clients mclients of...
ChiKoi 1.0 SQL Injection Vulnerability
Title: ChiKoi-1.0 SQLi Author: nu11secur1ty Vendor: https://chikoiquan.tanhongit.com/ Software: https://github.com/tanhongit/new-mvc-shop/releases/tag/v1.0 Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/tanhongit/2023/ChiKoi Description: The User-Agent HTTP header...
pimCore 5.4.18 - PHPSESSID cookie Session Exploit
Title: pimCore-5.4.18-skeleton Sensitive Cookie with Improper SameSite Attribute - PHPSESSID cookie Session vulnerability Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...
Online Food Ordering System 2.0 Cross Site Scripting Vulnerability
Exploit Title: Online Food Ordering System v2 - Stored Cross Site Scripting XSS Exploit Author: Alaeddin Berksoy Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
Online Food Ordering System 2.0 SQL Injection Vulnerability
Exploit Title: Online Food Ordering System v2 - Sql Injection Time-Based Blind Exploit Author: Anıl Kızıltan Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection Vulnerability
---------------------------------------------------------------------------------------------------- Tiki Wiki CMS Groupware input type="fi...
Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery Vulnerability
------------------------------------------------------------------------------ Tiki Wiki CMS Groupware = 25.0 Two Cross-Site Request Forgery Vulnerabilities ------------------------------------------------------------------------------ - Software Link: https://tiki.org - Affected Versions: Versio...
Online Food Ordering System 2.0 Shell Upload Vulnerability
Exploit Title: Online Food Ordering System v2 - Remote Code Execution RCE Unauthenticated Exploit Author: Hakan Sonay Vendor Homepage: https://www.sourcecodester.com/php/16022/online-food-ordering-system-v2-using-php8-and-mysql-free-source-code.html Software Link:...
Control Web Panel 7 Remote Code Execution Vulnerability
Centos Web Panel 7 Unauthenticated Remote Code Execution + Centos Web Panel 7 - 0.9.8.1147 + Affected Component ip:2031/login/index.php?login=$whoami + Discoverer: Numan Türle @ Gais Cyber Security + Vendor: https://centos-webpanel.com/ -...
Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection Vulnerability
----------------------------------------------------------------------------- Tiki Wiki CMS Groupware const popChain = 'O:25:"SearchElasticConnection":1:S:31:"\00SearchElasticConnection\00bulk";O:28:"SearchElasticBulkOper...
Tiki Wiki CMS Groupware 24.0 structlib.php Code Execution Vulnerability
-------------------------------------------------------------------------------- Tiki Wiki CMS Groupware = 24.0 structlib.php PHP Code Injection Vulnerability -------------------------------------------------------------------------------- - Software Link: https://tiki.org - Affected Versions:...
Oracle Database Vault Metadata Exposure Vulnerability
Oracle Database versions 12.1.0.2, 12.2.0.1, 18c, and 19c suffer from a vault metadata exposure vulnerability. Title: CVE-2021-2175 – Oracle Database Vault Metadata Exposure Vulnerability Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 18c, 19c Tested Versions: 19c...
Linear eMerge E3-Series Access Controller Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in the Linear eMerge E3-Series Access Controller. The Linear eMerge E3 versions 1.00-06 and below are vulnerable to unauthenticated command injection in cardscandecoder.php via the No and door HTTP GET parameter. Successful...
Nexxt Router Firmware 42.103.1.5095 Remote Code Execution Exploit
Exploit Title: Nexxt Router Firmware 42.103.1.5095 - Remote Code Execution RCE Authenticated Exploit Author: Yerodin Richards Vendor Homepage: https://www.nexxtsolutions.com/ Version: 42.103.1.5095 Tested on: ARN02304U8 CVE : CVE-2022-44149 import requests import base64 routerhost =...
CD MP3 Terminator V2.07 Local Seh Exploit
Exploit Title: CD MP3 Terminator V2.07 Local Seh Exploit Date: 31.12.2022 Vendor Homepage: http://www.cdmp3terminator.com Software Link: https://www.softpedia.com/dyn-postdownload.php/7a9b28e4e4800cd04331f2f3df26259a/63b031ec/7084/4/2 Exploit Author: Achilles Tested Version: 2.07 Tested on: Windo...
Oracle Unified Audit Policy Bypass Vulnerability
Title: CVE-2021-35576 – Oracle database system Unified Audit Policy ByPass Product: Database Manufacturer: Oracle Affected Versions: 12.1.0.2, 12.2.0.1, 19c Tested Versions: 19c Risk Level: low Solution Status: Fixed Manufacturer Notification: 2021-03-17 Solution Date: 2021-10-17 Public Disclosur...
SugarCRM Shell Upload Exploit
!/usr/bin/env python SugarCRM 0-day Auth Bypass + RCE Exploit Dorks: https://www.google.com/search?q=site:sugarondemand.com&filter=0 https://www.google.com/search?q=intitle:"SugarCRM"+inurl:index.php https://www.shodan.io/search?query=http.title:"SugarCRM"...
Oracle DBMS_REDACT Dynamic Data Masking Bypass Vulnerability
Proof of concept overview on how the DBMS_REDACT Dynamic Data Masking security feature in Oracle can be bypassed. Affected versions include 19c and 21c. Title: ByPassing DBMS_REDACT Dynamic Data Masking security feature in Oracle database system Product: Database Manufacturer: Oracle Affected...
AimOne Video Converter V2.04 Build 103 Denial of Service Exploit
Exploit Title: AimOne Video Converter V2.04 Build 103 Denial of Service Exploit Date: 30.12.2022 Vendor Homepage: www.aimonesoft.com Software Link: https://aimone-video-converter.software.informer.com/download/downloading Exploit Author: Achilles Tested Version: v2.04 Tested on: Windows 7 x64 1.-...