39001 matches found
MiniTool ShadowMaker 3.2 - (MTAgentService) Unquoted Service Path Vulnerability
Exploit Title: MiniTool ShadowMaker 3.2 - 'MTAgentService' Unquoted Service Path Discovery by: Thalia Nieto Vendor Homepage: https://www.minitool.com Software Link: https://www.minitool.com/backup/thanks-download.html?v=sm-free&r=download-center/ Tested Version: 3.2 Vulnerability Type: Unquoted...
Easy CD & DVD Cover Creator 4.13 - Denial of Service Exploit
Exploit Title: Easy CD & DVD Cover Creator 4.13 - Denial of Service PoC Software Link: http://www.tucows.com/download/windows/files/ezcdsetup.exe Exploit Author: Achilles Tested Version: 4.13 Tested on: Windows 7 x64 Sp1 1.- Run python code :Creator.py 2.- Open EVIL.txt and copy content to...
Knockpy 4.1.1 - CSV Injection Exploit
Exploit Title: Knockpy 4.1.1 - CSV Injection Author: Dolev Farhi Vendor Homepage: https://github.com/guelfoweb/knock Version : 4.1.1 Tested on: Debian 9.13 Knockpy, as part of its subdomain brute forcing flow of a remote domain, issues a HEAD request to the server to fetch details such as headers...
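The Knockpy entry above describes the classic CSV-injection shape: a value the scanner copies verbatim from a remote HTTP response (here a header returned to a HEAD request) ends up in a CSV cell, and a spreadsheet later evaluates it as a formula. The neutraliser below is an added example written for this page, not code from Knockpy or its author; the sample rows and the `evil.example.test` host are constructed inputs.

```python
import csv
import io

# Leading characters that make Excel/LibreOffice evaluate a cell as a formula.
# Tab and carriage return are included because some importers honour them too.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def csv_safe(value: str) -> str:
    """Neutralise one cell before it goes into a CSV report.

    A value whose first non-blank character is a formula trigger gets a
    leading apostrophe, which spreadsheets display as literal text.
    Quoting of the field itself is left to the csv module.
    """
    if value and value.lstrip().startswith(FORMULA_TRIGGERS):
        return "'" + value
    return value


def write_report(rows, fieldnames):
    """Write a list of dict rows to CSV text with every cell neutralised."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames,
                            quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({k: csv_safe(str(row.get(k, ""))) for k in fieldnames})
    return buf.getvalue()


# Constructed sample rows: what a subdomain scanner might record from HEAD
# responses. The second Server header is attacker-controlled and carries a
# DDE-style payload that would run if the raw value reached a spreadsheet.
SAMPLE_ROWS = [
    {"host": "www.example.test", "ip": "192.0.2.10", "server": "nginx"},
    {"host": "evil.example.test", "ip": "192.0.2.66",
     "server": "=cmd|' /C calc'!A0"},
]

if __name__ == "__main__":
    print(write_report(SAMPLE_ROWS, ["host", "ip", "server"]))
```

The apostrophe prefix also hits legitimate values such as negative numbers, so apply it only to columns that carry remote-controlled strings, and keep `QUOTE_ALL` so an embedded comma or quote cannot start a new field.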
Adobe Acrobat Reader Silent PDF Exploit 0day
0day PDF Exploit. All Chrome, Edge, Opera, Firefox, Microsoft Internet Explorer, Yandex, tested. Running smoothly Latest version. Adobe Acrobat Reader Works Seamlessly with All Versions of DC Latest version. Windows 7, Windows 8, Windows 8.1, Windows 10 Tested Works in the latest versions. All Ma...
Openpilot Default SSH Key Vulnerability
Openpilot has a default SSH key that can allow attackers remote access if not changed. This script port scans and attempts to login to Openpilot SSH servers with the default key. #!/bin/bash openpilot-scan.sh Jeremy Brown jbrown3264/gmail Dec 2020 Checks for openpilot devices using the default SSH...
Linux/x86 Reverse TCP Shellcode (114 bytes)
; Title: Linux/x86 - Reverse TCP Shellcode 114 bytes ; Author: Stylianos Voukatas ; Website: https://vostdev.wordpress.com/ ; Date: 2020-12-30 ; Tested on: Linux ubuntu 5.4.0-42-generic #46~18.04.1-Ubuntu x86_64 ; ; Purpose: Assignment 2 for SLAE ; SLAE:...
Philips Hue Denial Of Service Vulnerability
Credits: Ilia Shnaidman + @0x496c on Twitter + https://www.iliashn.com Vendor: ============= Philips Lighting Holding B.V Product: ============= Philips Hue Hub - all Vulnerability Type: ====================== Denial of Service Security Issue: =============== Philips Hue is vulnerable to Denial...
Arteco Web Client DVR/NVR Session Hijacking Vulnerability
The session identifier used by Arteco Web Client DVR/NVR is of an insufficient length and can be brute forced, allowing a remote attacker to obtain a valid session, bypass authentication, and disclose the live camera stream. #!/usr/bin/env python3 Arteco Web Client DVR/NVR 'SessionId' Cookie Brute...
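The Arteco entry turns on a single number: how many guesses a session identifier can survive. The estimator below is an added example for this page, not the advisory's brute-force script; it infers token length and character class from a few observed IDs, reports the keyspace and entropy, and converts that into an expected guessing time at a given request rate. The sample tokens are constructed, and the 64-bit threshold is quoted from OWASP's session-management guidance as an assumption rather than from the advisory.

```python
import math
import string

# Assumed reference threshold (OWASP's session-management guidance asks for at
# least 64 bits of entropy in a session ID); not a figure from the advisory.
MIN_ENTROPY_BITS = 64


def session_id_strength(samples):
    """Infer token length and character class from observed session IDs and
    estimate the keyspace. Entropy assumes uniform random tokens, so it is an
    upper bound on what the server actually provides."""
    if not samples:
        raise ValueError("need at least one sample")
    lengths = {len(s) for s in samples}
    if len(lengths) != 1:
        raise ValueError("inconsistent token lengths: %s" % sorted(lengths))
    length = lengths.pop()
    seen = set("".join(samples))
    # Widen the observed characters to their natural class so a handful of
    # samples does not under-estimate the alphabet.
    if seen <= set(string.digits):
        alphabet_size = 10
    elif seen <= set(string.hexdigits):
        alphabet_size = 16
    elif seen <= set(string.ascii_letters + string.digits):
        alphabet_size = 62
    else:
        alphabet_size = len(seen)
    bits = length * math.log2(alphabet_size)
    return {
        "length": length,
        "alphabet_size": alphabet_size,
        "entropy_bits": round(bits, 1),
        "keyspace": alphabet_size ** length,
        "weak": bits < MIN_ENTROPY_BITS,
    }


def brute_force_seconds(keyspace, requests_per_second, live_sessions=1):
    """Expected time to guess one of `live_sessions` valid IDs: on average half
    the keyspace must be tried, divided by the number of live targets."""
    return keyspace / (2 * live_sessions * requests_per_second)


# Constructed samples; not values captured from any real device.
SAMPLE_WEAK = ["104233", "557019", "990012", "003871"]
SAMPLE_STRONG = [
    "0123456789abcdef0123456789abcdef",
    "fedcba9876543210fedcba9876543210",
    "a1b2c3d4e5f60718293a4b5c6d7e8f90",
]

if __name__ == "__main__":
    for name, samples in (("weak", SAMPLE_WEAK), ("strong", SAMPLE_STRONG)):
        r = session_id_strength(samples)
        print(name, r, "%.0f s at 100 req/s" %
              brute_force_seconds(r["keyspace"], 100))
```

Every live session on the device shrinks the search proportionally, so a DVR with several operators logged in is easier to hit than the single-session estimate suggests; the fix is a cryptographically random identifier of at least 128 bits, not rate limiting alone.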
SUPREMO 4.1.3.2348 Privilege Escalation Vulnerability
Details ======= Subject: Local Privilege Escalation Product: SUPREMO by Nanosystems S.r.l. Vendor Homepage: https://www.supremocontrol.com/ Vendor Status: fixed version released Vulnerable Version: 4.1.3.2348 No other version was tested, but it is believed for the older versions to be also...
Apache Struts 2 Forced Multi OGNL Evaluation Exploit
The Apache Struts framework, when forced, performs double evaluation of attribute values assigned to certain tags attributes such as id. It is therefore possible to pass in a value to Struts that will be evaluated again when a tag's attributes are rendered. With a carefully crafted request, this...
Linux TIOCSPGRP Broken Locking Exploit
Linux: Broken locking in TIOCSPGRP leads to corrupted tty->pgrp refcount tiocspgrp, the handler for the TIOCSPGRP ioctl, has the following signature: static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p) It receives two tty_struct pointers because, for PTY pairs, userspace...
10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow (SEH) Exploit
Exploit Title: 10-Strike Network Inventory Explorer Pro 9.05 - Buffer Overflow SEH Exploit Author: Florian Gassner Vendor Homepage: https://www.10-strike.com/ Software Link: https://www.10-strike.com/networkinventoryexplorer/network-inventory-pro-setup.exe Version: 9.05 Tested on: Windows 10 x64...
Wordpress Duplicator 1.3.26 Plugin - Unauthenticated Arbitrary File Read Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Duplicator File Read Vulnerability', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability in...
Pulse Secure VPN Remote Code Execution Exploit
The Pulse Connect Secure appliance versions prior to 9.1R9 suffer from an uncontrolled gzip extraction vulnerability which allows an attacker to overwrite arbitrary files, resulting in remote code execution as root. Admin credentials are required for successful exploitation...
Microsoft Office Word (2003/2007/2010/2013 +2016) Universal Silent 0day Exploit
Office 2016+2013+2010+2007+2003 versions are running smoothly. Combines your exe file with your word file. When word file is opened, your exe file opens quietly. This module exploits a stack buffer overflow in SCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted...
WordPress Yet Another Stars Rating PHP Object Injection Exploit
This Metasploit module affects WordPress Yet Another Stars Rating plugin versions prior to 1.8.7 and demonstrates a PHP object injection vulnerability. class MetasploitModule 'WordPress PHP Object Injection in Yet Another Stars Rating plugin %q This module exploits Wordpress PHP Object Injection ...
SyncBreeze 10.0.28 - (login) Denial of Service Exploit
Exploit Title: SyncBreeze 10.0.28 - 'login' Denial of Service PoC Exploit Author: Ahmed Elkhressy Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7, Windows 10 #!/usr/bin/python import...
FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Vulnerability
Exploit Title: FRITZ!Box 7.20 - DNS Rebinding Protection Bypass Date: 2020-06-23 Exploit Author: RedTeam Pentesting GmbH Vendor Homepage: https://en.avm.de/ Version: 7.20 CVE: 2020-26887 Advisory: FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box...
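The FRITZ!Box entry concerns a router's DNS rebinding protection, which works by refusing to hand a client DNS answers that point into the local network. The filter below is an added example for this page and is not the FRITZ!Box implementation nor the bypass RedTeam Pentesting found; it shows the checks such a filter needs, including unwrapping IPv4 addresses carried inside IPv6 forms and failing closed on unparsable answers. The answer set is constructed.

```python
import ipaddress

# RFC 6598 shared address space (CGNAT); the ipaddress module does not report
# it as private, so it is checked explicitly.
CGNAT = ipaddress.ip_network("100.64.0.0/10")


def is_internal(addr: str) -> bool:
    """True if a resolved address lands somewhere a rebinding attack wants to
    reach from the victim's browser: loopback, RFC1918/ULA, link-local, CGNAT,
    multicast, unspecified or reserved space. IPv4 addresses tunnelled inside
    IPv6 forms (::ffff:a.b.c.d, 6to4) are unwrapped before the check."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address):
        if ip.ipv4_mapped is not None:
            ip = ip.ipv4_mapped
        elif ip.sixtofour is not None:
            ip = ip.sixtofour
    if isinstance(ip, ipaddress.IPv4Address) and ip in CGNAT:
        return True
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_unspecified or ip.is_reserved)


def filter_answers(answers, allow=()):
    """Split A/AAAA answers for a public name into (kept, rejected).
    Anything internal is rejected unless it is explicitly allow-listed;
    unparsable answers are rejected too (fail closed)."""
    allowed = set(allow)
    kept, rejected = [], []
    for a in answers:
        try:
            bad = is_internal(a) and a not in allowed
        except ValueError:
            bad = True
        (rejected if bad else kept).append(a)
    return kept, rejected


# Constructed answer set: one genuine public address plus the kinds of
# records a rebinding attacker would try against a 192.168.178.0/24 LAN.
SAMPLE_ANSWERS = [
    "93.184.216.34",
    "192.168.178.1",
    "::ffff:192.168.178.1",
    "2002:c0a8:b201::",
    "127.0.0.1",
    "100.64.1.1",
    "fe80::1",
    "not-an-ip",
]

if __name__ == "__main__":
    kept, rejected = filter_answers(SAMPLE_ANSWERS)
    print("kept:", kept)
    print("rejected:", rejected)
```

The allow-list exists because a router's own hostname legitimately resolves to an internal address; everything else that maps into local space from a public name is a rebinding attempt. The IPv6 unwrapping is the part most home-router filters get wrong, since a pure-IPv4 range check never sees the mapped or 6to4 form.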
Oracle Solaris SunSSH PAM parse_user_name() Buffer Overflow Exploit
This Metasploit module exploits a stack-based buffer overflow in the Solaris PAM library's username parsing code, as used by the SunSSH daemon when the keyboard-interactive authentication method is specified. Tested against SunSSH 1.1.5 on Solaris 10u11 1/13 x86 in VirtualBox, VMware Fusion, and...
nxlog 2.10.2150 - Denial of Service Exploit
Exploit Title: nxlog 2.10.2150 - DoS PoC Exploit Author: Guillaume PETIT Vendor Homepage: https://nxlog.co Software Link: https://nxlog.co/products/nxlog-community-edition/download Version: 2.10.2150 Tested on: Linux Debian 10 && Windows Server 2019 #!/usr/bin/python3 import sys import time import...
libbabl 0.1.62 - Broken Double Free Detection Exploit
Exploit Title: libbabl 0.1.62 - Broken Double Free Detection PoC Exploit Author: Carter Yagemann Vendor Homepage: https://www.gegl.org Software Link: https://www.gegl.org/babl/ Version: libbabl 0.1.62 and newer Tested on: Debian Buster Linux 4.19.0-9-amd64 Compile: gcc -Ibabl-0.1 -lbabl-0.1...
SunSSH 11.0 x86 - libpam Remote Root Exploit
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit Author: Hacker Fantastic Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris11-overview.html Version: 11 Tested on: SunOS solaris 5.11 11.0 / SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871...
Microsoft Windows DrawIconEx Local Privilege Escalation Exploit
This Metasploit module exploits CVE-2020-1054, an out of bounds write reachable from DrawIconEx within win32k. The out of bounds write can be used to overwrite the pvbits of a SURFOBJ. By utilizing this vulnerability to execute controlled writes to kernel memory, an attacker can gain arbitrary co...
System Explorer 7.0.0 - (SystemExplorerHelpService) Unquoted Service Path Vulnerability
Exploit Title: System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path Exploit Author: Mohammed Alshehri Vendor Homepage: http://systemexplorer.net/ Software Link: http://systemexplorer.net/download/SystemExplorerSetup.exe Version: Version 7.0.0 Tested on: Microsoft Windows 10...
Aerospike Database UDF Lua Code Execution Exploit
Aerospike Database versions before 5.1.0.3 permitted user-defined functions (UDF) to call the os.execute Lua function. This Metasploit module creates a UDF utilizing this function to execute arbitrary operating system commands with the privileges of the user running the Aerospike service. This modu...
PDF Complete 3.5.310.2002 - (pdfsvc.exe) Unquoted Service Path Vulnerability
Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Discovery by: Zaira Alquicira Vendor Homepage: https://pdf-complete.informer.com/3.5/ Tested Version: 3.5.310.2002 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es Step to discover Unquoted...
GitLab File Read Remote Code Execution Exploit
This Metasploit module provides remote code execution against GitLab Community Edition (CE) and Enterprise Edition (EE). It combines an arbitrary file read to extract the Rails secret_key_base, and gains remote code execution with a deserialization vulnerability of a signed experimentation_subject_id...
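The GitLab chain above hinges on one fact about Rails: every signed cookie is authenticated with a key derived from `secret_key_base`, so whoever reads that value can mint cookies the application will accept and then deserialize. The code below is an added example for this page, not the Metasploit module and not GitLab's code; it reimplements the signed-cookie format with the stock Rails defaults stated as assumptions (PBKDF2-HMAC-SHA1, 1000 iterations, salt "signed cookie", 64-byte key, SHA1 HMAC, JSON serializer), and deliberately stops at signing and verification rather than any deserialization payload. The secret is constructed.

```python
import base64
import hashlib
import hmac
import json

# Rails defaults, stated here as assumptions about a stock configuration:
# KeyGenerator uses PBKDF2-HMAC-SHA1 with 1000 iterations, signed cookies use
# the salt "signed cookie" and a 64-byte derived key, MessageVerifier uses SHA1.
SIGNED_COOKIE_SALT = b"signed cookie"
KEY_ITERATIONS = 1000
KEY_LEN = 64


def derive_signing_key(secret_key_base: str) -> bytes:
    """ActiveSupport::KeyGenerator#generate_key equivalent."""
    return hashlib.pbkdf2_hmac("sha1", secret_key_base.encode(),
                               SIGNED_COOKIE_SALT, KEY_ITERATIONS, KEY_LEN)


def sign_cookie(secret_key_base: str, value) -> str:
    """Mint `base64(payload)--hexdigest` the way MessageVerifier#generate does,
    with a JSON serializer (assumed; real apps may use Marshal instead)."""
    key = derive_signing_key(secret_key_base)
    data = base64.b64encode(json.dumps(value, separators=(",", ":")).encode())
    mac = hmac.new(key, data, hashlib.sha1).hexdigest()
    return data.decode() + "--" + mac


def verify_cookie(secret_key_base: str, cookie: str):
    """Return the payload if the signature matches, else None."""
    data, sep, mac = cookie.rpartition("--")
    if not sep:
        return None
    key = derive_signing_key(secret_key_base)
    expected = hmac.new(key, data.encode(), hashlib.sha1).hexdigest()
    if not hmac.compare_digest(expected, mac):  # constant-time comparison
        return None
    try:
        return json.loads(base64.b64decode(data))
    except (ValueError, UnicodeDecodeError):
        return None


# Constructed secret; a real one is the long hex value in secrets.yml or the
# encrypted credentials file. Knowing it is the whole game: the same derived
# key authenticates every signed cookie the application will ever accept.
EXAMPLE_SECRET = "constructed-secret-key-base-0123456789abcdef"

if __name__ == "__main__":
    c = sign_cookie(EXAMPLE_SECRET, {"experimentation_subject_id": "demo"})
    print(c)
    print(verify_cookie(EXAMPLE_SECRET, c))
```

The defensive consequence is the one the GitLab fix embodies: a file read that reaches `secret_key_base` must be treated as full compromise, the secret rotated, and cookie deserialization restricted to a serializer that cannot instantiate arbitrary objects.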
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation states that there are thre...
Dup Scout Enterprise 10.0.18 - (sid) Remote Buffer Overflow (SEH) Exploit
Exploit Title: Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow SEH Exploit Author: Andrés Roldán Vendor Homepage: http://www.dupscout.com Software Link: http://www.dupscout.com/downloads.html Version: 10.0.18 Tested on: Windows 10 Pro x64 #!/usr/bin/env python3 import socket import...
SmarterMail Build 6985 - Remote Code Execution Exploit
Exploit Title: SmarterMail Build 6985 - Remote Code Execution Exploit Author: 1F98D Original Author: Soroush Dalili Date: 10 May 2020 Vendor Homepage: re CVE: CVE-2019-7214 Tested on: Windows 10 x64 References:...
ProCaster LE-32F430 GStreamer souphttpsrc libsoup/2.51.3 Stack Overflow Exploit
ProCaster LE-32F430 SmartTV remote code execution exploit that leverages a stack overflow vulnerability in GStreamer souphttpsrc libsoup version 2.51.3. #!/bin/sh ProCaster LE-32F430 NotSoSmartTV remote code execution exploit through GStreamer souphttpsrc libsoup/2.51.3 HTTP stack overflow...
Apache 2 HTTP2 Module Concurrent Pool Usage Vulnerability
apache2: concurrent pool usage in http2 module h2_mplx.c contains a number of calls to ap_log_cerror using m->c (the master connection) as an argument. These calls can trigger allocations using m->c->pool. One example is core_generate_log_id. As some of the code in h2_mplx.c is executed on a worker threa...
Kite 1.2020.1119.0 - (KiteService) Unquoted Service Path Vulnerability
Exploit Title: Kite 1.2020.1119.0 - 'KiteService' Unquoted Service Path Discovery by: Ismael Nava Vendor Homepage: https://www.kite.com/ Software Links : https://www.kite.com/download/ Tested Version: 1.2020.1119.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 64 bits Step to...
TapinRadio 2.13.7 - Denial of Service Exploit
Exploit Title: TapinRadio 2.13.7 - Denial of Service PoC Date: 2020-05-12 Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Version: 2.13.7 x64 Tested on: Windows 10 Home x64 STEPS Open the program TapinRadio...
Dup Scout Enterprise 10.0.18 - (online_registration) Remote Buffer Overflow Exploit
Dup Scout Enterprise 10.0.18 - 'online_registration' Remote Buffer Overflow Requires web service to be enabled. Tested on Windows 10 Pro x64 Based on: https://0day.today/exploit/description/28991 and https://0day.today/exploit/description/25351 Credits: Tulpa and SICKNESS for original exploits...
RarmaRadio 2.72.5 - Denial of Service Exploit
Exploit Title: RarmaRadio 2.72.5 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: http://www.raimersoft.com/ Software Link: https://www.raimersoft.com/rarmaradio.html Version: 2.75.5 Tested on: Windows 10 Home x64 CVE : n/a STEPS Open the program TapinRadio In Edit select...
Druva inSync Windows Client 6.6.3 - Local Privilege Escalation (PowerShell) Exploit
Exploit Title: Druva inSync Windows Client 6.6.3 - Local Privilege Escalation PowerShell Exploit Author: 1F98D Original Author: Matteo Malvica Vendor Homepage: druva.com Software Link: https://downloads.druva.com/downloads/inSync/Windows/6.6.3/inSync6.6.3r102156.msi Version: 6.6.3 Tested on:...
Rumble Mail Server 0.51.3135 - (rumble_win32.exe) Unquoted Service Path Vulnerability
Exploit Title: Rumble Mail Server 0.51.3135 - 'rumble_win32.exe' Unquoted Service Path Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Teste...
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal Vulnerability
Exploit Title: Huawei HedEx Lite 200R006C00SPC005 - Path Traversal Vendor Homepage: https://www.huawei.com/ Software Link: https://support.huawei.com/carrier/docview!docview?nid=SCL1000005027&path=PAN-ET/PAN-T/PAN-T-HedEx Version: 200R006C00SPC005 Product & Service Introduction:...
Chromium 83 - Full CSP Bypass Exploit
Title: Chromium 83 - Full CSP Bypass Date: 02/09/2020 Exploit Author: Gal Weizman Vendor Homepage: https://www.chromium.org/ Software Link: https://download-chromium.appspot.com/ Version: 83 Tested On: Mac OS, Windows, iPhone, Android CVE: CVE-2020-6519 function var payload = top.SUCCESS = true;...
IDT PC Audio 1.0.6499.0 - (STacSV) Unquoted Service Path Vulnerability
Exploit Title: IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path Discovery by: Diego Cañada Software link: https://www.pconlife.com/download/otherfile/20566/90674cffc8658c4f2bf58d43bb9b7ccb/ Tested Version: 1.0.6499.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Home...
Microsoft Windows - Win32k Elevation of Privilege Exploit
Exploit Title: Microsoft Windows - Win32k Elevation of Privilege Author: nu11secur1ty Vendor: Microsoft Software Link: https://support.microsoft.com/en-us/help/3095649/win32k-sys-update-in-windows-october-2015 Exploit link:...
Mitel mitel-cs018 - Call Data Information Disclosure Vulnerability
Exploit Title: Mitel mitel-cs018 - Call Data Information Disclosure Exploit Author: Andrea Intilangelo acme olografix / paranoici Vendor Homepage: www.mitel.com Version: mitel-cs018 Tested on: Windows, Linux There is an interesting bug in a Mitel's servers for Voice over IP that allows to discove...
aSc TimeTables 2021.6.2 - Denial of Service Exploit
Exploit Title: aSc TimeTables 2021.6.2 - Denial of Service PoC Exploit Author: Ismael Nava Vendor Homepage: https://www.asctimetables.com/!/home Software Link: https://www.asctimetables.com/!/home/download Version: 2021.6.2 Tested on: Windows 10 Home x64 STEPS Open the program aSc Timetables 2021...
IDT PC Audio 1.0.6433.0 - (STacSV) Unquoted Service Path Vulnerability
Exploit Title: IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path Discovery by: Manuel Alvarez Software link: https://www.pconlife.com/download/otherfile/20566/e82994866a370a480607637f28b82835/ Tested Version: 1.0.6433.0 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64...
Ksix Zigbee Devices Playback Protection Bypass Exploit
Exploit Title: Ksix Zigbee Devices - Playback Protection Bypass PoC Exploit Author: Alejandro Vazquez Vazquez Vendor Homepage: https://www.ksixmobile.com/ Firmware Version: Gateway Zigbee Module - v1.0.3, Gateway Main Module - v1.1.2, Door Sensor - v1.0.7, PIR Motion Sensor - v1.0.12 Tested on:...
Global Registration Service 1.0.0.3 - (GREGsvc.exe) Unquoted Service Path Vulnerability
Exploit Title: Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path Discovery by: Emmanuel Lujan Vendor Homepage: https://www.acer.com/ac/en/US/content/home Tested Version: 1.0.0.3 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 7 Home Premium x64 Step to...
EPSON Status Monitor 3 (EPSON_PM_RPCV4_06) - Unquoted Service Path Vulnerability
Exploit Title: EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path Exploit Author : SamAlucard Vendor : SEIKO EPSON Corp Version : EPSON_PM_RPCV4_06 8.0 Vendor Homepage : https://epson.com Tested on OS: Windows 7 Pro Analyze PoC : ============== C:\>sc qc EPSON_PM_RPCV4_06 SC...
Intel Management and Security Application 5.2 - User Notification Service Unquoted Service Path Vuln
Exploit Title: Intel(R) Management and Security Application 5.2 - User Notification Service Unquoted Service Path Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.intel.com/ Version: v5.2 Tested on: Windows 7 Source:...
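Ten entries on this page (MiniTool ShadowMaker, System Explorer, PDF Complete, Kite, Rumble Mail Server, both IDT PC Audio builds, Global Registration Service, EPSON Status Monitor 3 and the Intel User Notification Service) report the same bug class, and each one's PoC is essentially `sc qc <service>` followed by reading off an unquoted BINARY_PATH_NAME containing spaces. The code below is an added example for this page, not any of those advisories' scripts: it parses `sc qc` output, derives the executables CreateProcess would try before the real one (`C:\Program.exe`, `C:\Program Files\Foo.exe`, ...), and keeps only those whose directory the caller has established as writable. The service name, path and writable directory are constructed, and the writable-directory list is an input the caller must obtain separately (for instance from `icacls` or accesschk), since write access cannot be judged from the path alone.

```python
import ntpath
import re

# Constructed `sc qc` output for a hypothetical service; no real product.
SAMPLE_SC_QC = r"""[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: ExampleAgentSvc
        TYPE               : 10  WIN32_OWN_PROCESS
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : C:\Program Files\Example Vendor\Agent Service\agent.exe -service
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : Example Agent Service
        DEPENDENCIES       :
        SERVICE_START_NAME : LocalSystem
"""


def parse_sc_qc(output):
    """Pull the fields that matter out of `sc qc` text: name, start type,
    image path and the account the service runs as."""
    cfg = {}
    m = re.search(r"SERVICE_NAME:\s*(\S+)", output)
    if m:
        cfg["name"] = m.group(1)
    for key in ("START_TYPE", "BINARY_PATH_NAME", "SERVICE_START_NAME"):
        m = re.search(r"%s\s*:\s*(.+)" % key, output)
        if m:
            cfg[key.lower()] = m.group(1).strip()
    return cfg


def hijack_candidates(image_path):
    """For an unquoted image path, return the executables CreateProcess tries,
    in order, before reaching the intended binary. Returns [] when the path is
    quoted or the only spaces are in the arguments (not vulnerable)."""
    s = image_path.strip()
    if s.startswith('"') or " " not in s:
        return []
    # The binary ends at the first ".exe" token; everything after is arguments.
    # (A service binary without .exe would be treated as the whole string.)
    m = re.search(r"^(.*?\.exe)\b", s, re.IGNORECASE)
    exe = m.group(1) if m else s
    parts = exe.split(" ")
    # Each space-delimited prefix is tried as "<prefix>.exe" first.
    return [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]


def exploitable_candidates(candidates, writable_dirs):
    """Keep candidates whose parent directory is in the caller-supplied set of
    directories the current user can write to."""
    writable = {d.rstrip("\\").lower() for d in writable_dirs}
    return [c for c in candidates
            if ntpath.dirname(c).rstrip("\\").lower() in writable]


if __name__ == "__main__":
    cfg = parse_sc_qc(SAMPLE_SC_QC)
    cands = hijack_candidates(cfg["binary_path_name"])
    print(cfg["name"], "runs as", cfg["service_start_name"])
    print("would try:", cands)
    # Constructed finding: vendor directory is writable by Users.
    print("exploitable:", exploitable_candidates(
        cands, [r"C:\Program Files\Example Vendor"]))
```

Two details decide whether a report like the ones above is a real finding. First, spaces only in the argument list (`svchost.exe -k netsvcs`) are harmless, which is why the parser stops at the binary. Second, a candidate is only exploitable when a low-privileged user can write to its directory and the service runs as a more privileged account (`LocalSystem` here) and can be restarted or survives a reboot; `C:\` itself is not writable for files by standard users on a default install, so `C:\Program.exe` is usually the least interesting candidate. The fix is to quote the path in the service's ImagePath registry value.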
10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH) Exploit
Exploit Title: 10-Strike Network Inventory Explorer 8.65 - Buffer Overflow SEH Exploit Author: Sectechs Vendor Homepage: https://www.10-strike.com Version: 8.65 Tested on: Windows 7 x86 SP1 import os import sys import struct import socket crash = "A" * 209 jmp short 8 kali@root:msf-nasmshell nasm jm...