Tasks 9.7.3 - Insecure Permissions Vulnerability
Exploit Title: Tasks 9.7.3 - Insecure Permissions Exploit Author: Lyhin's Lab Detailed Bug Description: https://lyhinslab.org/index.php/2020/07/18/how-the-white-box-hacking-works-ok-google-i-wanna-pwn-this-app/ Vendor Homepage: https://tasks.org/ Software Link: https://github.com/tasks/tasks...
PDFCOMPLETE Corporate Edition 4.1.45 - (pdfcDispatcher) Unquoted Service Path Vulnerability
Exploit Title: PDFCOMPLETE Corporate Edition 4.1.45 - 'pdfcDispatcher' Unquoted Service Path Discovery by: Ismael Nava Discovery Date: 02-11-2020 Vendor Homepage: https://www.pdfcomplete.com/cms/dpl/tabid/111/Default.aspx?r=du2vH8r Software Link: https://pdf-complete.informer.com/download/ Test...
Micro Focus Operations Bridge Manager Remote Code Execution Exploit
This Metasploit module exploits an authenticated Java deserialization that affects a truckload of Micro Focus products: Operations Bridge Manager, Application Performance Management, Data Center Automation, Universal CMDB, Hybrid Cloud Management and Service Management Automation. However, this...
AnyTXT Searcher 1.2.394 - (ATService) Unquoted Service Path Vulnerability
Exploit Title: AnyTXT Searcher 1.2.394 - 'ATService' Unquoted Service Path Exploit Author: Mohammed Alshehri Vendor Homepage: Anytxt.net Software Link: https://sourceforge.net/projects/anytxt/files/AnyTXT.Searcher.1.2.394.exe Version: Version 1.2.394 Tested on: Microsoft Windows 10 Education -...
Epson USB Display 1.6.0.0 - (EMP_UDSA) Unquoted Service Path Vulnerability
Exploit Title: Epson USB Display 1.6.0.0 - 'EMP_UDSA' Unquoted Service Path Discovery by: Hector Gerbacio Vendor Homepage: https://epson.com.mx/ Tested Version: 1.6.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 with Bing Steps to discover Unquoted Service Path: C:\wmic servi...
Linux/x64 - execve (cat /etc/shadow) Shellcode (66 bytes)
Exploit Title: Linux/x64 - execve "cat /etc/shadow" Shellcode 66 bytes Author: Felipe Winsnes Tested on: Debian x64 Shellcode Length: 66 / global start start: xor rax, rax ; Zeroes out RAX. xor rbp, rbp ; Zeroes out RBP. push rax ; Pushes RAX's NULL-DWORD. mov rbp, 0x776f646168732f63 ; Moves valu...
Microsoft Internet Explorer 11 32-bit - Use-After-Free Exploit
Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free Exploit Author: deadlock Forrest Orr Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 and Windows 7...
SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution Exploit
Exploit Title: SmartFoxServer 2X 2.17.0 - God Mode Console Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote Admin: 3.2.6 SmartFoxServer 2X,...
Millewin 13.39.146.1 - Local Privilege Escalation Vulnerability
Exploit Title: Millewin 13.39.146.1 - Local Privilege Escalation Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link: https://download.millewin.it/files/Millewin/setup/InstMilleDemo13.392019PS.exe...
SmartFoxServer 2X 2.17.0 - Credentials Disclosure Vulnerability
Exploit Title: SmartFoxServer 2X 2.17.0 - Credentials Disclosure Exploit Author: LiquidWorm Vendor Homepage: https://www.smartfoxserver.com SmartFoxServer 2X 2.17.0 Credentials Disclosure Vendor: gotoAndPlay Product web page: https://www.smartfoxserver.com Affected version: Server: 2.17.0 Remote...
AMD Fuel Service - (Fuel.service) Unquoted Service Path Vulnerability
Exploit Title: AMD Fuel Service - 'Fuel.service' Unquoted Service Path Discovery by: Hector Gerbacio Vendor Homepage: https://www.amd.com/ Tested Version: 1.0.0.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 8.1 with Bing Steps to discover Unquoted Service Path: C:\wmic service ge...
Sudo 1.8.31p2 / 1.9.5p1 Buffer Overflow Exploit
A heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations...
Solaris 10 1/13 (Intel) - (dtprintinfo) Local Privilege Escalation Exploit (2)
Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 2 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel.c - Solaris/Intel 0day? LPE Copyright c 2020...
Solaris 10 1/13 (Intel) - (dtprintinfo) Local Privilege Escalation Exploit(3)
Exploit Title: Solaris 10 1/13 Intel - 'dtprintinfo' Local Privilege Escalation 3 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 Intel / raptordtprintcheckdirintel2.c - Solaris/Intel FMT LPE Copyright c 2020...
Solaris 10 1/13 (SPARC) - (dtprintinfo) Local Privilege Escalation Exploit (3)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 3 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintnamesparc3.c - dtprintinfo on Solaris 10 SPARC Copyright c...
Solaris 10 1/13 (SPARC) - (dtprintinfo) Local Privilege Escalation Exploit (2)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation 2 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc2.c - Solaris/SPARC FMT LPE Copyright c 2020...
Solaris 10 1/13 (SPARC) - (dtprintinfo) Local Privilege Escalation Exploit (1)
Exploit Title: Solaris 10 1/13 SPARC - 'dtprintinfo' Local Privilege Escalation Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/solaris/solaris10/ Version: Solaris 10 Tested on: Solaris 10 1/13 SPARC / raptordtprintcheckdirsparc.c - Solaris/SPARC FMT PoC Copyright c 2020 Marc...
Sudo 1.9.5p1 - (Baron Samedit) Heap-Based Buffer Overflow Privilege Escalation Exploit (1)
Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit' Heap-Based Buffer Overflow Privilege Escalation 1 Exploit Author: West Shepherd Version: Sudo legacy versions from 1.8.2 to 1.8.31p2, stable versions from 1.9.0 to 1.9.5p1. Tested on: Ubuntu 20.04.1 LTS Sudo version 1.8.31 CVE : CVE-2021-3156 Credit...
Sudo 1.9.5p1 - (Baron Samedit) Heap-Based Buffer Overflow Privilege Escalation Exploit (2)
Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities. Exploit Title: Sudo 1.9.5p1 - 'Baron Samedit' Heap-Based Buffer Overflow Privilege Escalation 2 Authors and Contributors: cts, help from r4j, debug by nu11secur1ty Vendor: https://www.sudo.ws/...
jQuery UI 1.12.1 - Denial of Service Exploit
Exploit Title: jQuery UI 1.12.1 - Denial of Service DoS Exploit Author: Rafael Cintra Lopes Vendor Homepage: https://jqueryui.com/ Software Link: https://jqueryui.com/download/ Version: DoS - jQuery UI 1.12.1 DoS - jQuery UI 1.12.1 Exploit PoC by Rafael Cintra Lopes function exploit for var i = 0...
Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit
Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template command injection Exploit Author: Justin Steven Vendor Homepage: https://www.metasploit.com/ Software Link: https://www.metasploit.com/ Version: Metasploit Framework 6.0.11 and Metasploit Pro 4.18.0 CVE : CVE-2020-7384 !/usr/bin/e...
PRTG Network Monitor Remote Code Execution Exploit
This Metasploit module exploits an authenticated remote code execution vulnerability in PRTG Network Monitor. Notifications can be created by an authenticated user and can execute scripts when triggered. Due to a poorly validated input on the script name, it is possible to chain it with a...
Micro Focus UCMDB Remote Code Execution Exploit
This Metasploit module exploits two vulnerabilities that, when chained, allow an attacker to achieve unauthenticated remote code execution in Micro Focus UCMDB. UCMDB included in versions 2020.05 and below of Operations Bridge Manager are affected, but this module can probably also be used to...
MobileIron MDM Hessian-Based Java Deserialization Remote Code Execution Exploit
This Metasploit module exploits an ACL bypass in MobileIron MDM products to execute a Groovy gadget against a Hessian-based Java deserialization endpoint. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
Sudo version 1.8.2 to 1.8.31p2 Heap-Based Buffer Overflow Vulnerability
Qualys has released extensive research details regarding a heap-based buffer overflow vulnerability in sudo. The issue was introduced in July 2011 commit 8255ed69, and affects all legacy versions from 1.8.2 to 1.8.31p2 and all stable versions from 1.9.0 to 1.9.5p1, in their default configuration...
Linux/x64 - Bind_tcp (0.0.0.0:4444) + Password (12345678) + Shell (/bin/sh) Shellcode (142 bytes)
Exploit Title: Linux/x64 - Bind_tcp 0.0.0.0:4444 + Password 12345678 + Shell /bin/sh Shellcode 142 bytes Author: Guillem Alminyana Platform: GNU Linux x64 ===================================== Compile: gcc -fno-stack-protector -z execstack shellcode.c -o shellcode / include include unsigned char...
Windows/x86 - Stager Generic MSHTA Shellcode (143 bytes)
Exploit Title: Windows/x86 - Stager Generic MSHTA Shellcode 143 bytes Exploit Author: Armando Huesca Prida Date: 11-01-2021 Tested on: Windows 7 Professional 6.1.7601 SP1 Build 7601 x86 Windows Vista Ultimate 6.0.6002 SP2 Build 6002 x86 Windows Server 2003 Enterprise Edition 5.2.3790 SP1 Build 37...
Selea CarPlateServer (CPS) 4.0.1.6 - Local Privilege Escalation Vulnerability
Exploit Title: Selea CarPlateServer CPS 4.0.1.6 - Local Privilege Escalation Exploit Author: LiquidWorm Vendor Homepage: https://www.selea.com Selea CarPlateServer CPS v4.0.1.6 Local Privilege Escalation Vendor: Selea s.r.l. Product web page: https://www.selea.com Affected version: 4.0.1.6210120...
Linux/x86 - Socat Bind Shellcode (113 bytes)
Exploit Title: Linux/x86 - Socat Bind Shellcode 113 bytes Author: Felipe Winsnes Tested on: Debian x86 Shellcode Length: 113 global start section .text start: xor eax, eax push eax PUSH 0x30303030 ; "tcp-listen:10000" PUSH 0x313a6e65 PUSH 0x7473696c PUSH 0x2d706374 mov esi, esp push eax PUSH...
Linux/x64 - Reverse (127.1.1.1:4444) Shell (/bin/sh) Shellcode (123 Bytes)
Exploit Title: Linux/x64 - Reverse Shell Author: Guillem Alminyana Date: 2021-01-18 Platform: GNU Linux x64 ===================================== This shellcode connects back to the 127.1.1.1 address on port 4444 Listener needs to be opened before executing: nc -lvp 4444 Compile: gcc...
Microsoft Spooler Local Privilege Elevation Exploit
This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...
IBM Spectrum LSF 10.1 / 10.2 Hardcoded Eauth Key / Eauth Key Exposure Vulnerability
================================================================================ Multiple IBM Spectrum LSF Authentication Vulnerabilities Eauth - CVE-2020-4983 ================================================================================ Software: Spectrum LSF Vendor: IBM Affected Versions:...
Cisco RV110W 1.2.1.7 - (vpn_account) Denial of Service Exploit
Exploit Title: Cisco RV110W 1.2.1.7 - 'vpn_account' Denial of Service PoC Exploit Author: Shizhi He Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/283879340/type/282487380/release/1.2.1.7 Version: V1.2.1.7 Tested on: RV110W V1.2.1.7 CVE :...
Erlang Cookie - Remote Code Execution Exploit
Exploit Title: Erlang Cookie - Remote Code Execution Exploit Author: 1F98D Original Author: Milton Valencia wetw0rk Software Link: https://www.erlang.org/ Version: N/A Tested on: Debian 9.11 x64 References: https://insinuator.net/2017/10/erlang-distribution-rce-and-a-cookie-bruteforcer/ Erlang...
Cloud Filter Arbitrary File Creation / Privilege Escalation Exploit
This Metasploit module exploits a vulnerability in cldflt.sys. The Cloud Filter driver on Windows 10 v1803 and later, prior to the December 2020 updates, did not set the IO_FORCE_ACCESS_CHECK or OBJ_FORCE_ACCESS_CHECK flags when calling FltCreateFileEx and FltCreateFileEx2 within its...
Linux/x86 - bind shell on port 13377 Shellcode (65 bytes)
Exploit Title: Linux/x86 - bind shell on port 13377 Shellcode 65 bytes Date: Jan 12, 2021 Exploit Author: ac3 Version: Linux x86 Tested on: Linux x86 linux x86 nc -lvve/bin/sh -p13377 shellcode This shellcode will listen on port 13377 using netcat and give /bin/sh to connecting attacker 31 c0 xor...
WordPress AIT CSV Import/Export 3.0.3 Shell Upload Exploit
WordPress AIT CSV Import/Export plugin versions 3.0.3 and below allow unauthenticated remote attackers to upload and execute arbitrary PHP code. The upload-handler does not require authentication, nor validates the uploaded content. It may return an error when attempting to parse a CSV, however t...
Coturn 4.5.1.x Access Control Bypass Vulnerability
Coturn 4.5.1.x Access Control Bypass Vulnerability Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn...
dnsrecon 0.10.0 - CSV Injection Vulnerability
Exploit Title: dnsrecon 0.10.0 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/darkoperator/dnsrecon/ Version : 0.10.0 Tested on: ParrotOS 4.10 dnsrecon, when scanning a TXT record such as SPF, i.e.: spf.domain.com, outputs a CSV report -c out.csv with entries such as...
NTLM BITS SYSTEM Token Impersonation Exploit
This Metasploit module exploits BITS behavior which tries to connect to the local Windows Remote Management server WinRM every time it starts. The module launches a fake WinRM server which listens on port 5985 and triggers BITS. When BITS starts, it tries to authenticate to the Rogue WinRM server,...
Dovecot 2.3.11.3 Denial Of Service Vulnerability
Dovecot 2.3.11.3 Denial Of Service Vulnerability Vendor: OX Software GmbH Internal reference: DOV-4113 Bug ID Vulnerability type: CWE-20: Improper Input Validation Vulnerable version: 2.3.11-2.3.11.3 Vulnerable component: lda, lmtp, imap Report confidence: Confirmed Solution status: Fixed by Vend...
H2 Database 1.4.199 - JNI Code Execution Vulnerability
Exploit Title: H2 Database 1.4.199 - JNI Code Execution Exploit Author: 1F98D Original Author: Markus Wulftange Vendor Homepage: https://www.h2database.com/ Tested on: Windows 10 x64, Java 1.8, H2 1.4.199 References:...
PaperStream IP (TWAIN) 1.42.0.5685 - Local Privilege Escalation
Exploit Title: PaperStream IP TWAIN 1.42.0.5685 - Local Privilege Escalation Exploit Author: 1F98D Original Author: securifera Vendor Homepage: https://www.fujitsu.com/global/support/products/computing/peripheral/scanners/fi/software/fi6x30-fi6x40-ps-ip-twain32.html CVE: CVE-2018-16156 Tested on:...
IObit Uninstaller 10 Pro - Unquoted Service Path Vulnerability
Exploit Title: IObit Uninstaller 10 Pro - Unquoted Service Path Exploit Author: Mayur Parmarth3cyb3rc0p Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version: 10 Tested on Windows 10 Unquoted Service Path: When a service is created whose...
WinAVR Version 20100110 - Insecure Folder Permissions Vulnerability
Exploit Title: WinAVR Version 20100110 - Insecure Folder Permissions Exploit Author: Mohammed Alshehri Vendor Homepage: https://sourceforge.net/projects/winavr/ Software Link: https://sourceforge.net/projects/winavr/files/WinAVR/20100110/WinAVR-20100110-install.exe Version: Version 20100110 Teste...
dirsearch 0.4.1 - CSV Injection Vulnerability
Exploit Title: dirsearch 0.4.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/maurosoria/dirsearch Version : 0.4.1 Tested on: Debian 9.13 dirsearch, when used with the --csv-report flag, writes the results of crawled endpoints which redirect to a csv file without...
Node.js TLSWrap Use-After-Free Vulnerability
Node.js: use-after-free in TLSWrap Node v14.11.0 Current is vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...
Intel Matrix Storage Event Monitor x86 8.0.0.1039 - (IAANTMON) Unquoted Service Path Vulnerability
Exploit Title: Intel(R) Matrix Storage Event Monitor x86 8.0.0.1039 - 'IAANTMON' Unquoted Service Path Exploit Author: Geovanni Ruiz Vendor Homepage: https://www.intel.com Software Version: 8.0.0.1039 File Version: 8.0.0.1039 Tested on: Microsoft® Windows Vista Business 6.0.6001 Service Pack 1 x64e...
PLANEX CS-QP50F-ING2 Remote Configuration Disclosure Vulnerability
PLANEX CS-QP50F-ING2 security surveillance smart camera remote configuration disclosure exploit. !/usr/bin/perl PLANEX CS-QP50F-ING2 Security Surveillance Smart Camera Remote Configuration Disclosure - Mass Exploiter Copyright 2021 c Todor Donev https://donev.eu/ Disclaimer: This or previous...
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Vulnerability
Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...