39001 matches found
GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit
Exploit Title: GoAhead Web Server 5.1.1 - Digest Authentication Capture Replay Nonce Reuse Exploit Author: LiquidWorm Software Link: https://www.embedthis.com Version: 5.1.1 !/usr/bin/env python3 -- coding: utf-8 -- EmbedThis GoAhead Web Server 5.1.1 Digest Authentication Capture Replay Nonce Reu...
Whatsapp Desktop (session hijacking) Payload 0day Exploit
This vulnerability makes you able to get Full Access Any account Victim installed Whatsapp Version Desktop By Payload Exploit Support ant last version proof video: https://0day.today/videos/34312.mp4...
Adobe Acrobat Reader DC Memory Corruption Remote Code Execution Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF...
Adobe Flash Player MessageChannel Type Confusion Remote Code Execution Exploit
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of data...
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization Exploit
This Metasploit module exploits the .NET deserialization vulnerability within the RadAsyncUpload RAU component of Telerik UI ASP.NET AJAX that is identified as CVE-2019-18935. In order to do so the module must upload a mixed mode .NET assembly DLL which is then loaded through the deserialization...
Linux / Unix su Privilege Escalation Exploit
This Metasploit module attempts to create a new login session by invoking the su command of a valid username and password. If the login is successful, a new session is created via the specified payload. Because su forces passwords to be passed over stdin, this module attempts to invoke a...
LISTSERV Maestro 9.0-8 Remote Code Execution Vulnerability
An unauthenticated remote code execution vulnerability was found in the LISTSERV Maestro software, versions 9.0-8 and below. This vulnerability stems from a known issue in struts, CVE-2010-1870, that allows for code execution via OGNL Injection. This vulnerability has been confirmed to be...
Microsoft SharePoint SSI / ViewState Remote Code Execution Exploit
This Metasploit module exploits a server-side include SSI in SharePoint to leak the web.config file and forge a malicious ViewState with the extracted validation key. This exploit is authenticated and requires a user with page creation privileges, which is a standard permission in SharePoint. The...
HiSilicon Video Encoders - Unauthenticated RTSP buffer overflow (DoS) Exploit
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - unauthenticated RTSP buffer overflow DoS Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24214 Vendors: URayTech, J-Tech Digita...
FRITZ!Box 7.20 DNS Rebinding Protection Bypass Vulnerability
FRITZ!Box DNS Rebinding Protection Bypass RedTeam Pentesting discovered a vulnerability in FRITZ!Box router devices which allows to resolve DNS answers that point to IP addresses in the private local network, despite the DNS rebinding protection mechanism. Details ======= Product: FRITZ!Box 7490...
Microsoft Office Word 2003+2007+2010 Universal 0day Exploit
This module targets Office 2003 no-SP/SP1/SP2/SP3 + 2007 no-SP/SP/SP2/SP3 + Office 2010 no-SP/SP1 versions. This module exploits a stack buffer overflow in SCOMCTL.OCX. It uses a malicious RTF to embed the specially crafted MSComctlLib.ListViewCtrl.2 Control as exploited in the wild on April 2012...
Guild Wars 2 - Insecure Folder Permissions Vulnerability
Exploit Title: Guild Wars 2 - Insecure Folder Permissions Exploit Author: George Tsimpidas Software Link : https://account.arena.net/welcome Version Build : 106915 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability Description: Guild Wars 2 Launcher...
Microsoft Windows Uninitialized Variable Local Privilege Escalation Exploit
This Metasploit module exploits CVE-2019-1458, an arbitrary pointer dereference vulnerability within win32k which occurs due to an uninitialized variable, which allows user mode attackers to write a limited amount of controlled data to an attacker controlled address in kernel memory. By utilizing...
Microsoft Office 2007/2010 Download and Execute Vulnerability
This vulnerability allows to download and execute a file note: the vulnerability is triggered only when Includes macros or user consents to the inclusion...
Battle.Net 1.27.1.12428 - Insecure File Permissions Vulnerability
Exploit Title: Battle.Net 1.27.1.12428 - Insecure File Permissions Exploit Author: George Tsimpidas Software Link : https://www.blizzard.com/en-gb/download/ Battle Net Desktop Version Patch: 1.27.1.12428 Tested on: Microsoft Windows 10 Home 10.0.18362 N/A Build 18362 Category: local Vulnerability...
BACnet Test Server 1.01 - Remote Denial of Service Exploit
Title: BACnet Test Server 1.01 - Remote Denial of Service PoC Author: LiquidWorm Vendor: https://www.bac-test.com Product link: https://sourceforge.com/projects/bacnetserver CVE: N/A !/usr/bin/perl BACnet Test Server 1.01 Remote Denial of Service Exploit Vendor: BACnet Interoperability Test...
Facebook steal Group 0day Exploit
Exploit can steal facebook Group and delete the old administrator and create a new administrator...
Checkmk 1.6.0p16 Local Privilege Escalation Vulnerability
Product: Checkmk Vendor: tribe29 GmbH CSNC ID: CSNC-2020-005 Subject: Local Privilege Escalation Risk: High Effect: Locally exploitable Authors: Thierry Viaccoz Date: 21.09.2020 Introduction: ------------- Checkmk 1 is an IT infrastructure monitoring software. It is consists of a management serve...
FusionAuth SAML v 2 0.2.3 Message Forging Vulnerability
Unauthenticated users can send forged messages to the FusionAuth to bypass authentication, impersonate other users or gain arbitrary roles. The SAML message can be send to the application without a signature even if this is required. The impact depends on individual applications that implement...
Safari Type Confusion / Sandbox Escape Exploit
This Metasploit module exploits an incorrect side-effect modeling of the 'in' operator. The DFG compiler assumes that the 'in' operator is side-effect free, however the embed element with the PDF plugin provides a callback that can trigger side-effects leading to type confusion CVE-2020-9850. The...
Cisco AnyConnect Privilege Escalation Exploit
The installer component of Cisco AnyConnect Secure Mobility Client for Windows prior to 4.8.02042 is vulnerable to path traversal and allows local attackers to create/overwrite files in arbitrary locations with system level privileges. The installer component of Cisco AnyConnect Secure Mobility...
Sony IPELA Network Camera 1.82.01 - (ftpclient.cgi) Remote Stack Buffer Overflow Exploit
Exploit Title: Sony IPELA Network Camera 1.82.01 - 'ftpclient.cgi' Remote Stack Buffer Overflow Google Dork: Server: Mida eFramework Exploit Author: LiquidWorm Vendor Homepage: https://pro.sony Version: = 1.82.01 !/usr/bin/env python Sony IPELA Network Camera ftpclient.cgi Remote Stack Buffer...
Microsoft Windows Update Orchestrator Unchecked ScheduleWork Call Exploit
This Metasploit module exploit uses access to the UniversalOrchestrator ScheduleWork API call which does not verify the caller's token before scheduling a job to be run as SYSTEM. You cannot schedule something in a given time, so the payload will execute as system sometime in the next 24 hours...
BearShare Lite 5.2.5 - (Advanced Search) Buffer Overflow Exploit
Title: BearShare Lite 5.2.5 - 'Advanced Search'Buffer Overflow in PoC Author: Christian Vierschilling Vendor Homepage: http://www.bearshareofficial.com/ Software Link: http://www.oldversion.com.de/windows/bearshare-lite-5-2-5 Versions: 5.1.0 - 5.2.5 Tested on: Windows 10 x64 EN/DE CVE: NA ---...
CloudMe 1.11.2 - Buffer Overflow ROP (DEP,ASLR) Exploit (2)
Exploit Title: CloudMe 1.11.2 - Buffer Overflow ROP DEP,ASLR Exploit Author: Bobby Cooke boku CVE: CVE-2018-6892 Vendor Homepage: https://www.cloudme.com/ Software Link: https://www.cloudme.com/downloads/CloudMe1112.exe Version: 1.11.2 Tested On: Windows 10 x64 - 10.0.19041 Build 19041 Script:...
Jenkins 2.56 CLI Deserialization / Code Execution Exploit
An unauthenticated Java object deserialization vulnerability exists in the CLI component for Jenkins versions 2.56 and below. The readFrom method within the Command class in the Jenkins CLI remoting component deserializes objects received from clients without first checking / sanitizing the data...
Framer Preview 12 Content Injection Vulnerability
Framer Preview version 12 for Android exposes an activity to other apps called "com.framer.viewer.FramerViewActivity". The purpose of this activity is to show contents of a given URL via an fullscreen overlay to the app user. However, the app does neither enforce any authorization schema on the...
Artica Proxy 4.30.000000 Authentication Bypass / Command Injection Exploit
This Metasploit module exploits an authenticated command injection vulnerability in Artica Proxy, combined with an authentication bypass discovered on the same version, it is possible to trigger the vulnerability without knowing the credentials. The application runs in a virtual appliance and...
ForensiTAppxService 2.2.0.4 - (ForensiTAppxService.exe) Unquoted Service Path Vulnerability
Exploit Title: ForensiTAppxService 2.2.0.4 - 'ForensiTAppxService.exe' Unquoted Service Path Discovery by: Burhanettin Özgenç Vendor Homepage: https://www.forensit.com/downloads.html Tested Version: 2.2.0.4 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 Step to discove...
VyOS restricted-shell Escape / Privilege Escalation Exploit
This Metasploit module exploits command injection vulnerabilities and an insecure default sudo configuration on VyOS versions 1.0.0 through 1.1.8 to execute arbitrary system commands as root. VyOS features a restricted-shell system shell intended for use by low privilege users with operator...
D-Link DGS-1210-28 Denial Of Service Exploit
Exploit Title: D-Link DGS-1210-28 Denial of Service Exploit Author: Saeed Reza Zamanian Product : D-Link DGS-1210-28 Vendor Homepage: https://www.dlink.com/ Product Link: https://www.dlink.com/en/products/dgs-1210-28-28-port-gigabit-smart-managed-switch Version : DGS-1210-28 Description : Device...
TP-Link Cloud Cameras NCXXX Bonjour Command Injection Exploit
TP-Link cloud cameras NCXXX series NC200, NC210, NC220, NC230, NC250, NC260, NC450 are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent...
Boxoft Convert Master 1.3.0 wav SEH Local Exploit
Exploit Title: Boxoft Convert Master 1.3.0 wav SEH Local Exploit Date: 17.09.2020 Vendor Homepage: http://www.boxoft.com/ Software Link: http://www.boxoft.com/convert-master/setupboxoft-convert-master.exe Exploit Author: Achilles Tested Version: 1.3.0 Tested on: Windows 7 x64 1.- Run python code...
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution Exploit
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in th...
Microsoft Spooler Local Privilege Elevation Exploit
This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds...
Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Exploit
Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution Google Dork: inurl:ReportViewer.aspx Exploit Author: West Shepherd Vendor Homepage: https://www.microsoft.com Version: Microsoft SQL Server 2016 32-bit/x64 SP2 CU/GDR, Microsoft SQL Server 2014 32-bit/x64 SP3...
Mida Solutions eFramework ajaxreq.php Command Injection Exploit
This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apach...
iOS 12 / 13 / 14 Passcode Bypass 0day Exploit
Attacker can access device SpringBoard, run default iOS apps, run 3rd party iOS apps installed from AppStore, open Photos, Reminders, Notes, Email, and all other iOS apps, make and receive calls / sms, etc. What you receive: The source code of exploit written in TheOS tweak platform...
ModSecurity 3.0.x Denial Of Service Vulnerability
ModSecurity version 3.0.x suffers from a denial of service vulnerability due to the handling of regular expression matching. ModSecurity version 3.0.x is affected by a denial of service vulnerability due to the global matching of regular expressions. The combination of a non-anchored regular...
Linux expand_downwards() / munmap() Race Condition Exploit
Linux =4.20: expanddownwards can race with munmap page table freeing Since 4.20, domunmap downgrades the mmapsem from write-locked to read-locked after detaching the VMAs from the mmstruct, but before dropping references to pages and freeing page tables. This ought to be safe because VMA tree...
Microsoft Windows Finger Security Bypass / C2 Channel Exploit
Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can al...
Pearson Vue VTS 2.3.1911 Installer - (VUEApplicationWrapper) Unquoted Service Path Vulnerability
Exploit Title: Pearson Vue VTS 2.3.1911 Installer - 'VUEApplicationWrapper' Unquoted Service Path Discovery by: Jok3r Vendor Homepage: https://home.pearsonvue.com/ Software Link: https://vss.pearsonvue.com/VSSFiles/Documents/ENUTCInstallGuide/DownloadVTSInstaller.htm Tested Version: 2.3.1911...
Gnome Fonts Viewer 3.34.0 - Heap Corruption Exploit
!/usr/bin/env python3 Exploit Title: Gnome Fonts Viewer 3.34.0 Heap Corruption Exploit Author: Cody Winkler Vendor Homepage: gnome.org Software Link: https://help.gnome.org/misc/release-notes/3.6/users-font-viewer.html Version: 3.34.0 Tested On: Ubuntu 20.04.1 LTS Note: May take a few tries. Too...
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation Exploit
This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to...
Internet Explorer 11 - Use-After-Free Exploit
Exploit Title: Internet Explorer 11 - Use-After-Free Google Dork: if applicable Exploit Author: Tgroup Vendor Homepage: Microsoft.com Version: IE 11 REQUIRED Tested on: Windows 7 x64 CVE : CVE-2020-0674 //...
Input Director 1.4.3 Unquoted Service Path Vulnerability
Exploit Title: Input Director 1.4.3 - 'Input Director' Unquoted Service Path Discovery Date: 2020-09-08 Response from Input Director Support: 09/09/2020 Exploit Author: TOUHAMI Kasbaoui Vendor Homepage: https://www.inputdirector.com/ Version: 1.4.3 Tested on: Windows Server 2012, Windows 10 Find...
Audio Playback Recorder 3.2.2 Local Buffer Overflow Exploit
Exploit Title: Audio Playback Recorder 3.2.2 - Local Buffer Overflow SEH Date: 2020-09-08 Author: Felipe Winsnes Software Link: https://archive.org/download/tucows288670AudioPlaybackRecorder/AudioRec.exe Version: 3.2.2 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of the...
ShareMouse 5.0.43 - (ShareMouse Service) Unquoted Service Path Vulnerability
Exploit Title: ShareMouse 5.0.43 - 'ShareMouse Service' Unquoted Service Path Discovery by: Alan Lacerda alacerda Vendor Homepage: https://www.sharemouse.com/ Software Link: https://www.sharemouse.com/ShareMouseSetup.exe Version: 5.0.43 Tested on OS: Microsoft Windows 10 Pro EN OS Version:...
macOS cfprefsd Arbitrary File Write / Local Privilege Escalation Exploit
This Metasploit module exploits an arbitrary file write in cfprefsd on macOS versions 10.15.4 and below in order to run a payload as root. The CFPreferencesSetAppValue function, which is reachable from most unsandboxed processes, can be exploited with a race condition in order to overwrite an...
Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vulnerability
Rapid7 Nexpose Installer version 6.6.39 suffers from a local privilege escalation vulnerability. Rapid7 Nexpose Installer 6.6.39 Local Privilege Escalation Vendor: Rapid7 Product web page: https://www.rapid7.com Affected version: sc qc nexposeengine SC QueryServiceConfig SUCCESS SERVICENAME:...