Gila CMS 1.11.8 - (query) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Gila CMS 1.11.8 - 'query' SQL Injection Exploit Author: Carlos Ramírez L. BillyV4 Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/releases/tag/1.11.8 Version: Gila 1.11.8 Tested on: Gila 1.11...
Linux/ARM - Bind (0.0.0.0:1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (100 bytes)
Title: Linux/ARM Raspberry Pi - Bind 0.0.0.0:1337/TCP Shell /bin/sh + Null-Free Shellcode 100 bytes Date: 2020-06-09 Architecture: armv6l GNU/Linux Website: http://www.theanuragsrivastava.com Author: Anurag Srivastava / bindwala: file format elf32-littlearm Disassembly of section .text: 00010054 ...
Pulse Secure Client For Windows Local Privilege Escalation Vulnerability
Red Timmy Sec has discovered that Pulse Secure Client for Windows suffers from a local privilege escalation vulnerability in the PulseSecureService.exe service. Pulse Secure is recognized among the top 10 Network Access Control NAC vendors by global revenue market share. The company declares that...
Arista Restricted Shell Escape / Privilege Escalation Exploit
This Metasploit module takes advantage of a poorly configured TACACS+ config, Arista's bash shell, and a TACACS+ read-only account to achieve privilege escalation. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework requi...
TP-LINK Cloud Cameras NCXXX Stack Overflow Vulnerability
Exploit for hardware platform in category web applications Vulnerability title: TP-LINK Cloud Cameras NCXXX DelMultiUser Stack Overflow Author: Pietro Oliva CVE: CVE-2020-13224 Vendor: TP-LINK Product: NC200, NC210, NC220, NC230, NC250, NC260, NC450 Affected versions: NC200 = 2.1.10 build 200401,...
Linux/ARM - execve /bin/dash Shellcode (32 bytes)
Title: Linux/ARM - execve /bin/dash Shellcode 32 bytes Category: Shellcode Tested: armv7l 32-bit Raspberry Pi 2 Model B OS: Raspbian Buster Lite Author: Anurag Srivastava Description: execve shellcode / Objdump pi@raspberrypi:/hex $ objdump -d ed1 ed1: file format elf32-littlearm Disassembly of...
Zivif Camera 2.3.4.2103 iptest.cgi Blind Remote Command Execution Exploit
This Metasploit module exploits a remote command execution vulnerability in Zivif webcams. This is known to impact versions prior to and including 2.3.4.2103. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
10-Strike Bandwidth Monitor 3.9 Unquoted Service Path Vulnerability
10-Strike Bandwidth Monitor version 3.9 services Svc10StrikeBandMontitor, Svc10StrikeBMWD, and Svc10StrikeBMAgent suffer from unquoted service path vulnerabilities. Exploit Title: Bandwidth Monitor 3.9 - Unquoted Services Paths Exploit Author: Bobby Cooke Vendor Site: https://www.10-strike.com/...
Neon LMS Shell Upload Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require "net/http" require "uri" require 'nokogiri' class MetasploitModule 'Neon LMS %q This module exploits File Manager File Upload vulnerability...
MJML 4.6.2 Path Traversal Vulnerability
Exploit for php platform in category web applications 1. ADVISORY INFORMATION ======================= Product: MJML Vendor URL: https://github.com/mjmlio/mjml/ Type: Path Traversal CWE-22 Date found: 2020-04-28 Date published: 2020-06-14 CVSSv3 Score: 7.2...
Documalis Free PDF Scanner Buffer Overflow Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Documalis Free PDF Scanner', 'Description' = %qDocumalis Free PDF Scanner is prone to a security vulnerability when open PDF files.When the...
Documalis Free PDF Editor Buffer Overflow Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Documalis Free PDF Editor', 'Description' = %qDocumalis Free PDF Editor is prone to a security vulnerability when open PDF files.When the...
OX Guard 2.10.3 Cross Site Scripting / Server-Side Request Forgery Vulnerabilities
Exploit for php platform in category web applications Product: OX Guard Vendor: OX Software GmbH Internal reference: GUARD-179 Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 2.10.3 Vulnerable component: guard Report confidence: Confirmed Solution status: Fixed by Vendor Fixed...
GOG GalaxyClientService Privilege Escalation Exploit
This Metasploit module will send arbitrary filepaths to the GOG GalaxyClientService, which will be executed with SYSTEM privileges verified on GOG Galaxy Client v1.2.62 and v2.0.12; prior versions are also likely affected. This module requires Metasploit: https://metasploit.com/download Current...
PHP-Fusion 9.03.60 PHP Object Injection / SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: PHP-Fusion v9.03.60, PHP Object Injection to SQL injection pre-auth Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version:...
OX App Suite / OX Documents 7.10.3 XSS / SSRF / Improper Validation Vulnerabilities
OX App Suite and OX Documents versions 7.10.3 and below suffer from server-side request forgery, cross site scripting, improper parameter validation, and XML injection vulnerabilities. Dear subscribers, we're sharing our latest advisory with you and like to thank everyone who contributed in findi...
Linux/x86 /etc/hosts Mapping Add Polymorphic Shellcode (102 bytes)
Title: Linux/x86 - Add map in /etc/hosts file polymorphic shellcode 102 bytes Author: Xenofon Vassilakopoulos Tested on: Linux kali 5.3.0-kali2-686-pae 1 SMP Debian 5.3.9-3kali1 2019-11-20 i686 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 102 bytes Original shellcode:...
Background Intelligent Transfer Service Privilege Escalation Exploit
This Metasploit module exploits CVE-2020-0787, an arbitrary file move vulnerability in outdated versions of the Background Intelligent Transfer Service BITS, to overwrite C:\Windows\System32\WindowsCoreDeviceInfo.dll with a malicious DLL containing the attacker's payload. To achieve code executio...
Virtual Airlines Manager 2.6.2 - (id) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Virtual Airlines Manager 2.6.2 - 'id' SQL Injection Exploit Author: Mosaaed Vendor Homepage: http://virtualairlinesmanager.net/ Dork: N/A Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A ------------------- xss...
Frigate Professional 3.36.0.9 - (Find Computer) Local Buffer Overflow (SEH) Exploit
Exploit Title: Frigate Professional 3.36.0.9 - 'Find Computer' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Vulnerable Software: Frigate Professional Version: 3.36.0.9...
Linux/x86 ASLR Deactivation Polymorphic Shellcode (124 bytes)
Title: Linux/x86 - ASLR deactivation polymorphic shellcode 124 bytes Author: Xenofon Vassilakopoulos Date: 2020-06-11 Tested on: Linux 3.13.0-32-generic 57precise1-Ubuntu i686 i386 GNU/Linux Architecture: i686 GNU/Linux Shellcode Length: 124 bytes Original shellcode:...
SmarterMail 16 - Arbitrary File Upload Exploit
Exploit for multiple platform in category web applications Exploit Title: SmarterMail 16 - Arbitrary File Upload Google Dork: inurl:/interface/root Exploit Author: vvhack.org Vendor Homepage: https://www.smartertools.com Software Link: https://www.smartertools.com Version: 16.x Tested on: Windows...
Sysax MultiServer 6.90 - Reflected Cross Site Scripting Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Sysax MultiServer 6.90 - Reflected Cross Site Scripting Google Dork: n.d. Date: 2020-06-02 Exploit Author: Luca Epifanio wrongsid3 Vendor Homepage: https://www.sysax.com/ Software Link: https://www.sysax.com/download.htm...
LinuxKI Toolset 6.01 Remote Command Execution Exploit
This Metasploit module exploits a vulnerability in LinuxKI Toolset versions 6.01 and below which allows remote code execution. The kivis.php pid parameter received from the user is sent to the shellexec function, resulting in the security vulnerability. This module requires Metasploit:...
Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit for php platform in category web applications Exploit Title: Sistem Informasi Pengumuman Kelulusan Online 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Extinction Vendor Homepage: https://adikiss.net/ Software Link:...
WebUntis 2020.12.1 Cross Site Scripting Vulnerability
Exploit for php platform in category web applications I. VULNERABILITY ------------------------- WebUntis 2020.12.1 - Authenticated Cross Site Scripting II. BACKGROUND ------------------------- WebUntis is a tool for schools and universities to deliver electronic timetables to their students...
RoyalTS SSH Tunnel Authentication Bypass Vulnerability
RoyalTS SSH Tunnel - Authentication Bypass =============================================================================== Identifiers ------------------------------------------------- CVE-2020-13872 CVSSv3 score ------------------------------------------------- 8.8 -...
Virtual Airlines Manager 2.6.2 - (airport) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Virtual Airlines Manager 2.6.2 - 'airport' SQL Injection Exploit Author: Kostadin Tonev Vendor Homepage: http://virtualairlinesmanager.net Software Link: https://virtualairlinesmanager.net/index.php/vam-releases/ Version: 2.6.2...
Joomla J2 Store 3.3.11 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla J2 Store v3.3.11 - Authenticated SQL Injection Exploit Author: Mehmet Kelepçe / Gais Cyber Security Vendor Homepage: https://www.j2store.org/ Software Link: https://www.j2store.org/download.html Reference:...
Bludit 3.9.12 - Directory Traversal Vulnerability
Exploit for php platform in category web applications Exploit Title: Bludit 3.9.12 - Directory Traversal Exploit Author: Luis Vacacas Vendor Homepage: https://www.bludit.com Software Link: https://github.com/bludit/bludit Version: = 3.9.12 Tested on: Ubuntu 19.10 CVE : CVE-2019-16113 !/usr/bin/en...
CipherMail Community Virtual Appliance 4.6.2 Code Execution Vulnerability
CipherMail Multiple Vulnerabilities 1. Advisory Information Title: CipherMail Email Encryption Gateway Community Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2020-0008 Advisory URL: https://www.coresecurity.com/core-labs/advisories/ciphermail-multiple-vulnerabilities Date publishe...
Linux/x86 Tiny Read Polymorphic Shellcode (75 bytes)
Title: Linux/x86 - Tiny Read Polymorphic Shellcode 75 bytes Author: Xenofon Vassilakopoulos Tested on: Linux 3.13.0-32-generic 57precise1-Ubuntu i686 i386 GNU/Linux Blog: https://xenovass.wordpress.com/2019/06/26/slae-assignment-6-create-polymorphic-shellcode/ Architecture: i686 GNU/Linux Shellco...
Castel NextGen DVR 1.0.0 Bypass / CSRF / Disclosure Vulnerabilities
Castel NextGen DVR version 1.0.0 suffers from authorization bypass, credential disclosure, and cross site request forgery vulnerabilities. All issues are associated with Castel NextGen DVR v1.0.0 and have been resolved in v1.0.1. ------------------------------- CVE-2020-11679 Original Disclosure...
Kyocera Printer d-COPIA253MF - Directory Traversal Exploit
Exploit for hardware platform in category web applications Exploit Title : Kyocera Printer d-COPIA253MF - Directory Traversal PoC Exploit Author: Hakan Eren ŞAN Vendor Homepage: https://www.kyoceradocumentsolutions.com.tr/tr.html Version: d-COPIA253MF plus Tested on : Linux Credit: Berat Isler...
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution Exploit Author: Tomas Melicher Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/ Vendor Homepage:...
NeonLMS Learning Management System PHP Laravel Script 4.6 Shell Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: NeonLMS - Learning Management System PHP Laravel Script -Authenticated Arbitrary File Upload Exploit Author: th3d1gger Vendor Homepage: https://www.neonlms.com/ Software Link:...
NeonLMS Learning Management System PHP Laravel Script 4.6 File Download Vulnerability
NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from an arbitrary file download vulnerability. Exploit Title: NeonLMS - Learning Management System PHP Laravel Script - 'Arbitrary' File Download Exploit Author: th3d1gger Vendor Homepage: https://www.neonlms.com/ Software...
HFS Http File Server 2.3m Build 300 Buffer Overflow Exploit
HFS Http File Server version 2.3m build 300 suffers from a remote buffer overflow vulnerability that can lead to a denial of service. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Virtual Airlines Manager 2.6.2 - (notam) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Virtual Airlines Manager 2.6.2 - 'notam' SQL Injection Exploit Author: Pankaj Kumar Thakur Vendor Homepage: http://virtualairlinesmanager.net/ Dork: inurl:notamid= Affected Version: 2.6.2 Tested on: Ubuntu CVE : N/A Vulnerable...
Frigate 3.36.0.9 - (Command Line) Local Buffer Overflow (SEH) Exploit
Exploit Title: Frigate 3.36.0.9 - 'Command Line' Local Buffer Overflow SEH PoC Vendor Homepage: http://www.frigate3.com/ Software Link Download: http://www.frigate3.com/download/frigate3pro.exe Exploit Author: Paras Bhatia Vulnerable Software: Frigate Version: "Command Line" "Activate Command Lin...
Quick Player 1.3 Denial Of Service Exploit
Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service Author: Felipe Winsnes Software Link: http://download.cnet.com/Quick-Player/3640-21684-10871418.html Version: 1.3 Tested on: Windows 7 Proof of Concept: 1.- Run the python script "poc.py", it will create a new file "poc.txt" 2.- Op...
WinGate 9.4.1.5998 Insecure Permissions / Privilege Escalation Vulnerability
WinGate version 9.4.1.5998 suffers from an insecure permissions vulnerability that allows for privilege escalation. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINGATE-INSECURE-PERMISSIONS-LOCAL-PRIVILEGE-ESCALATION.t...
WordPress Drag And Drop Multi File Uploader Remote Code Execution Exploit
Exploit for php platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Wordpress Drag and Drop Multi File Uploader RCE', 'Description' = %q This module exploits a...
WebLogic Server Deserialization Remote Code Execution Exploit
This Metasploit module exploits a Java object deserialization vulnerability in multiple versions of WebLogic. Unauthenticated remote code execution can be achieved by sending a serialized BadAttributeValueExpException object over the T3 protocol to vulnerable versions of WebLogic. Leveraging an...
10-Strike Bandwidth Monitor 3.9 Buffer Overflow Exploit
10-Strike Bandwidth Monitor version 3.9 ROP VirtualAlloc buffer overflow exploit with SEH, DEP, and ASLR. Exploit Title: 10-Strike Bandwidth Monitor 3.9 - ROP VirtualAlloc - Buffer Overflow SEH,DEP,ASLR Exploit Author: Bobby Cooke Date: June 7th, 2020 Vendor Site: https://www.10-strike.com/...
Cisco UCS Director Cloupia Script Remote Code Execution Exploit
This Metasploit module exploits an authentication bypass and directory traversals in Cisco UCS Director versions prior to 6.7.4.0 to leak the administrator's REST API key and execute a Cloupia script containing an arbitrary root command. Note that the primary functionality of this module is to...
NeonLMS Learning Management System PHP Laravel Script 4.6 XSS Vulnerability
NeonLMS Learning Management System PHP Laravel Script version 4.6 suffers from a persistent cross site scripting vulnerability. Exploit Title: NeonLMS - Learning Management System PHP Laravel Script - 'Messages' Persistent Cross Site Scripting Exploit Author: th3d1gger Vendor Homepage:...
Avaya IP Office 11 Insecure Transit / Password Disclosure Vulnerability
Avaya IP Office versions 9.1.8.0 through 11 suffer from an insecure transit vulnerability that allows for password disclosure. + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Online-Exam-System 2015 - (feedback) SQL Injection Exploit
Exploit for php platform in category web applications Exploit Title: Online-Exam-System 2015 - 'feedback' SQL Injection Exploit Author: Gus Ralph Vendor Homepage: https://github.com/sunnygkp10/ Software Link: https://github.com/sunnygkp10/Online-Exam-System-.git Affected Version: 2015 Tested on:...
Online Course Registration 1.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Course Registration 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://www.sourcecodester.com/php/14251/online-course-registration.html Software Link:...