Microsoft Windows Win32k Privilege Escalation Exploit
Microsoft Windows Win32k privilege escalation exploit. An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. Exploit Title:...
Stock Management System 1.0 Cross Site Scripting Exploit
Exploit for php platform in category web applications Exploit Title: Stock Management System v1.0 - Cross-Site Scripting Credential Harvester Login-Portal Exploit Author: Bobby Cooke Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Software Link:...
OpenEMR 5.0.1 Remote Code Execution Exploit
Exploit for php platform in category web applications !/usr/bin/env ruby Title: OpenEMR --shell --user --password --debug FILE semi-auto --root-url --user --password --payload --lhost --lport --debug FILE auto --root-url --user --password --lhost --lport --debug FILE -H | --help Options: -r ,...
Stock Management System 1.0 Cross Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: Stock Management System v1.0 - Cross-Site Request Forgery Change Username Exploit Author: Bobby Cooke Vendor Homepage: https://www.sourcecodester.com/php/14366/stock-management-system-php.html Software Link:...
Umbraco CMS 7.12.4 Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Umbraco CMS - Authenticated Remote Code Execution Exploit Author: Alexandre ZANNI noraj Based on: https://www.exploit-db.com/exploits/46153 Vendor Homepage: http://www.umbraco.com/ Software Link:...
CloudMe 1.11.2 SEH Buffer Overflow Exploit
import socket import sys target = "127.0.0.1" Written by : lutzenfried Clement Cruchet Exploiting CloudMe 1.11.2 Publisher : CloudMe AB Windows x64 10.0.18362 Build 18362 Buffer Overflow using SEH overwritten technic POP POP RET Exploit for CVE-2018-6892 Technical information used for exploit...
BacklinkSpeed 2.4 Buffer Overflow Exploit
!/usr/bin/python ''' Exploit Title: BacklinkSpeed v2.4 Buffer Overflow PoC SEH Exploit Author: Saeed reza Zamanian Vendor Homepage: http://www.dummysoftware.com Software Link: http://www.dummysoftware.com/backlinkspeed.html Version: 2.4 Tested on: Windows 10.0 x64 Build 10240 Windows 7 x64 Window...
October CMS Build 465 XSS / File Read / File Deletion / CSV Injection Vulnerabilities
October CMS builds 465 and below suffer from arbitrary file read, arbitrary file deletion, file uploading to arbitrary locations, persistent and reflective cross site scripting, and CSV injection vulnerabilities. October CMS = Build 465 Multiple Vulnerabilities Author - Sivanesh Ashok |...
Online Bike Rental 1.0 Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Bike Rental v1.0 – Authenticated Arbitrary File Upload / Remote Code Execution Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https:/www.sourcecodester.com Software Link:...
Daily Tracker System 1.0 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Daily Tracker System 1.0 - Authentication Bypass Exploit Author: Adeeb Shah @hyd3sec Vendor Homepage: https://www.sourcecodetester.com Software Link:...
FreeBSD ip6_setpktopt Use-After-Free Privilege Escalation Exploit
This Metasploit module exploits a race and use-after-free vulnerability in the FreeBSD kernel IPv6 socket handling. A missing synchronization lock in the IPV62292PKTOPTIONS option handling in setsockopt permits racing ip6setpktopt access to a freed ip6pktopts struct. This exploit overwrites the...
CA Unified Infrastructure Management Nimsoft 7.80 Buffer Overflow Exploit
This Metasploit module exploits a buffer overflow within the CA Unified Infrastructure Management nimcontroller. The vulnerability occurs in the robot controller component when sending a specially crafted directorylist probe. Technically speaking the target host must also be vulnerable to...
WebRTC usrsctp Incorrect Call Vulnerability
WebRTC: usrsctp is called with pointer as network address When usrsctp is used with a custom transport, an address must be provided to usrsctpconninput be used as the source and destination address of the incoming packet. WebRTC uses the address of the SctpTransport instance for this value...
Daily Tracker System 1.0 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Daily Tracker System v1.0 - Reflected Cross Site Scripting XSS Exploit Author: Adeeb Shah Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass Vulnerability
ABUS Secvest Hybrid module FUMO50110 suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an...
SharePoint DataSet / DataTable Deserialization Exploit
A remotely exploitable vulnerability exists within SharePoint that can be leveraged by a remote authenticated attacker to execute code within the context of the SharePoint application service. The privileges in this execution context are determined by the account that is specified when SharePoint...
Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Exploit
Exploit for hardware platform in category web applications Exploit Title: Cisco Adaptive Security Appliance Software 9.7 - Unauthenticated Arbitrary File Deletion Google Dork: inurl:/+CSCOE+/ Exploit Author: 0xmmnbassel Vendor Homepage:...
Namirial SIGNificant SignAnyWhere 6.10.x Cross Site Scripting Vulnerability
Exploit for php platform in category web applications ======================================================================= title: Stored Cross-Site Scripting XSS Vulnerability product: Namirial SIGNificant SignAnyWhere vulnerable version: v6.10.60.25434 SSP v4.22.60.25434 v6.10.100.25817 SSP...
Wordpress Maintenance Mode by SeedProd 5.1.1 Plugin - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Maintenance Mode by SeedProd 5.1.1 - Persistent Cross-Site Scripting Vendor Homepage: https://www.seedprod.com/ Vendor Changelog: https://wordpress.org/plugins/coming-soon/developers Exploit Author: Jinson...
Online Shopping Alphaware 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Title: Online Shopping Alphaware 1.0 - Authentication Bypass Exploit Author: Ahmed Abbas Vendor Homepage: https://www.sourcecodester.com/php/14368/online-shopping-alphaware-phpmysql.html Software Link:...
Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Exploit
Exploit for hardware platform in category web applications Exploit Title: Cisco Adaptive Security Appliance Software 9.11 - Local File Inclusion Google Dork: inurl:/+CSCOE+/ Date: 2020-08-27 Exploit Author: 0xmmnbassel Vendor Homepage:...
Koken CMS 0.22.24 - Arbitrary File Upload (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Koken CMS 0.22.24 - Arbitrary File Upload Authenticated Exploit Author: v1n1v131r4 Vendor Homepage: http://koken.me/ Software Link: https://www.softaculous.com/apps/cms/Koken Version: 0.22.24 Tested on: Linux PoC:...
Microsoft Windows Unsafe Handling Practices Vulnerability
This post outlines multiple unsafe practices in Microsoft Windows that can allow for local privilege escalation. This multi-part post can be read even without a MIME-compliant program! Back in 2014, I reported a vulnerability in CreateProcess's handling of .cmd and .bat files that Microsoft fixed...
Windows/x86 - Download using mshta.exe Shellcode (100 bytes)
Shellcode Title: Windows/x86 Download using mshta.exe Shellcode 100 bytes Shellcode Author: Siddharth Sharma Shellcode Length: 100 bytes Tested on: WIN7x86 / Description Simply, instead of using mshta.exe to download file as: mshta.exe http://:/ , We could use below shellcode that does the same...
Bludit 3.9.2 - Directory Traversal Exploit
Exploit for multiple platform in category web applications Title: Bludit 3.9.2 - Directory Traversal Author: James Green Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: 3.9.2 Tested on: Linux Ubuntu 19.10 Eoan CVE: CVE-2019-16113 Special Thanks to...
MAMP PRO 4.2.0 Local Privilege Escalation Vulnerability
Exploit Title: MAMP PRO 4.2.0 Local Privilege Escalation Exploit Author: b1nary Vendor Homepage: https://www.mamp.info/ Software Link: https://downloads.mamp.info/MAMP-PRO-WINDOWS/releases/4.2.0/MAMPMAMPPRO4.2.0.exe Version: 4.2.0 Tested on: Windows 10 Pro x64 Version 10.0.19041 MAMPPRO Windows...
Bio Star 2.8.2 - Local File Inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Bio Star 2.8.2 - Local File Inclusion Authors: SITE Team Rian Saaty, Bashaer AlHarthy, Safeyah Alhazmi Exploit Author: SITE Team Vendor Homepage: https://www.supremainc.com/en/main.asp Software Link:...
WordPress Email Subscribers & Newsletters 4.2.2 Plugin - Unauthenticated File Download Vulnerabi
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Exploit Author: email protectedESEC Vendor Homepage:...
Rails 5.0.1 - Remote Code Execution Exploit
Exploit for ruby platform in category web applications Exploit Title: Rails 5.0.1 - Remote Code Execution Exploit Author: Lucas Amorim Vendor Homepage: www.rubyonrails.org Software Link: www.rubyonrails.org Version: Rails " end if ARGV.length 3 header exit-1 end url = ARGV0 ip = ARGV1 port = ARGV...
pfSense 2.4.4-p3 - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Exploit Title: pfSense 2.4.4-p3 - Cross-Site Request Forgery Exploit Author: ghostfh Vendor Homepage: https://www.pfsense.org/ Software Link: https://www.pfsense.org/download/index.html?section=downloads Version: Till 2.4.4-p3 Tested on: freeb...
Webtareas 2.1p - Arbitrary File Upload (Authenticated) Vulnerability
Exploit for php platform in category web applications Exploit Title: Webtareas 2.1p - Arbitrary File Upload Authenticated Author: AppleBois Exploit author : AppleBois Vendor Homepage: https://sourceforge.net/projects/webtareas/ Version: 2.1 && 2.1p Tested on: Windows 10 64 bit environment || XAMPP...
Socket.io-file 2.0.31 - Arbitrary File Upload Exploit
Exploit for multiple platform in category web applications...
Sickbeard 0.1 - Cross-Site Request Forgery (Disable Authentication) Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sickbeard 0.1 - Cross-Site Request Forgery Disable Authentication Google Dork: https://www.shodan.io/search?query=sickbeard Exploit Author: bdrake Vendor Homepage: https://sickbeard.com/ Software Link:...
elaniin CMS - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: elaniin CMS 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage:https://elaniin.com/ Software Link:https://github.com/elaniin/CMS/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A Vulnerability: Attack...
F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Vulnerability
Exploit for hardware platform in category web applications Exploit Title: F5 Big-IP 13.1.3 Build 0.0.6 - Local File Inclusion Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.f5.com/products/big-ip-services Version: 0: return True else: return False else: return False def leakPasswd:...
WordPress Email Subscribers & Newsletters 4.2.2 Plugin - (hash) SQL Injection (Unauthenticated)
Exploit for php platform in category web applications Exploit Title: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - 'hash' SQL Injection Unauthenticated Google Dork: "Stable tag" inurl:wp-content/plugins/email-subscribers/readme.txt Exploit Author: email protectedESEC Vendor Homepage:...
eGroupWare 1.14 - (spellchecker.php) Remote Command Execution Exploit
Exploit for php platform in category web applications Exploit Title: eGroupWare 1.14 - 'spellchecker.php' Remote Command Execution Exploit Author: Berk KIRAS Vendor Homepage: https://www.egroupware.org/en/ Version: 1.14 Tested on: Apache Berk KIRAS PwC - Cyber Security Specialist !/usr/bin/python...
Free MP3 CD Ripper 2.8 - Stack Buffer Overflow (SEH + Egghunter) Exploit
Exploit Title: Free MP3 CD Ripper 2.8 - Stack Buffer Overflow SEH + Egghunter Exploit Author: Eduard Palisek Vendor Homepage: https://www.cleanersoft.com Software Link: https://www.cleanersoft.com/download/FMCRSetup.exe Version: 2.8 Build 20140611 Tested on: Windows XP, Professional, Version 2002...
LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: LibreHealth 2.0.0 - Authenticated Remote Code Execution Exploit Author: Bobby Cooke Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested On: Windows 10 Pro 1909...
docPrint Pro 8.0 - (Add URL) Buffer Overflow (SEH Egghunter) Exploit
Exploit Title: docPrint Pro 8.0 - 'Add URL' Buffer Overflow SEH Egghunter Exploit Author: MasterVlad Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Vulnerability Type: Local Buffer Overflow Tested on: Windows 7 32-bit Proof of Concep...
Linux/x86 - Egghunter(0x50905090) + sigaction + execve(/bin/sh) Shellcode (35 bytes)
Exploit Title: Linux/x86 - Egghunter0x50905090 + sigaction + execve/bin/sh Shellcode 35 bytes Author: danf42 Platform: Linux/x86 / sigaction2 approach to egghunting as described in the paper "Safely Searching Process Virtual Address Space" by skape The shellcode prepares the registers to start th...
Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit
Exploit for php platform in category web applications Exploit Title: Online Course Registration 1.0 - Unauthenticated Remote Code Execution Exploit Author: Bobby Cooke Credit to BKpatron for similar Auth Bypass on admin page - exploit-db.com/exploits/48559 Vendor Homepage:...
Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Virtual Airlines Manager 2.6.2 - Persistent Cross-Site Scripting Google Dork: inurl:"/vam/indexvamop.php" Exploit Author: Peter Blue Vendor Homepage: https://virtualairlinesmanager.net Software Link:...
Calavera UpLoader 3.5 - (FTP Logi) Denial of Service (PoC + SEH Overwrite) Exploit
Exploit Title: Calavera UpLoader 3.5 - 'FTP Logi' Denial of Service PoC + SEH Overwrite Author: Felipe Winsnes Software Link: https://www.exploit-db.com/apps/463c9e7fe9a39888d3c01bc9ad756bba-UpSetup.exe Version: 3.5 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Sadly enough, this...
PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: PandoraFMS 7.0 NG 746 - Persistent Cross-Site Scripting Author: AppleBois Version: 7xx ≤ 746 Homepage: https://pandorafms.org/ Software Link: https://sourceforge.net/projects/pandora/files/Pandora FMS 7.0NG/ CVE-2020-11749 By...
ManageEngine Applications Manager 13 - (MenuHandlerServlet) SQL Injection Exploit
Exploit for java platform in category web applications Exploit Title: ManageEngine Applications Manager 13 - 'MenuHandlerServlet' SQL Injection Google Dork: intitle:"Applications Manager Login Screen" Exploit Author: aldorm Vendor Homepage: https://www.manageengine.com/ Software Link: Version: 12...
Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow (SEH) Exploit
Exploit Title: Nidesoft DVD Ripper 5.2.18 - Local Buffer Overflow SEH Author: Felipe Winsnes Software Link: https://nidesoft-dvd-ripper.softonic.com/ Version: 5.2.18 Tested on: Windows 7 x86 Blog: https://whitecr0wz.github.io/ Proof of Concept: 1.- Run the python script, it will create the file...
Port Forwarding Wizard 4.8.0 - Buffer Overflow (SEH) Exploit
Exploit Title: Port Forwarding Wizard 4.8.0 - Buffer Overflow SEH Exploit Author: Sarang Tumne Confirmed on release 4.8.0 and 4.5.0 Vendor: http://www.port-forwarding.net/ Tested on OS- Windows Vista Buffer overflow in upRedSun Port Forwarding Wizard 4.8.0 and earlier version allows local attacke...
INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Exploit
Exploit for multiple platform in category web applications Exploit Title: INNEO Startup TOOLS 2018 M040 13.0.70.3804 - Remote Code Execution Exploit Author: Patrick Hener, SySS GmbH Many credits go to Dr. Benjamin Heß, SySS GmbH for helping with php oddities and the powershell payload Advisory:...
Frigate Professional 3.36.0.9 - (Pack File) Buffer Overflow (SEH Egghunter) Exploit
Exploit Title: Frigate Professional 3.36.0.9 - 'Pack File' Buffer Overflow SEH Egghunter Exploit Author: MasterVlad Vendor Homepage: http://www.frigate3.com/ Software Link: http://www.frigate3.com/download/frigate3pro.exe Version: 3.36.0.9 Vulnerability Type: Local Buffer Overflow Tested on:...