Counter-Strike CS:GO BuildID: 4937372 - Arbitrary Code Execution Exploit
Exploit Title: Source Engine CS:GO BuildID: 4937372 - Arbitrary Code Execution Date: 2020-04-27 Exploit Author: 0xEmma/BugByte/SebastianPC Vendor Homepage: https://www.valvesoftware.com/en/ Version: Source Engine, Tested on CS:GO BuildID: 4937372 TF2 BuildID: 4871679 Garry's Mod BuildID: 4803834...
Linux/x86 Reverse Shell Generator Shellcode (80 bytes)
80 bytes small Linux/x86 reverse shell generator shellcode with customizable TCP port and IP address. Title: Linux/x86 - Reverse Shell Generator - Customizable TCP Port & IP Address 80 bytes Exploit Author: Bobby Cooke Tested on: Ubuntu 16.04.6 - 4.15.0-45-generic x86 i686 Usage: TERMINAL 1 root ...
Linux/x64_86 Egghunter Execve Shellcode (63 bytes)
63 bytes small Linux/x64_86 dynamic egghunter shellcode that searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. The payload is an execve /bin/bash shellcode. // Shellcode Title: Linux/x64 -...
Maian Support Helpdesk 4.3 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications Exploit Title: Maian Support Helpdesk 4.3 - Cross-Site Request Forgery Add Admin Author: Besim ALTINOK Vendor Homepage: https://www.maiansupport.com Software Link: https://www.maiansupport.com/zip.html Version: v4.3 Tested on: Xampp Credit:...
Online Course Registration 2.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Online Course Registration 2.0 - Authentication Bypass Exploit Author: Daniel Monzón stark0de Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: 2.0...
Netis E1+ 1.2.32533 - Backdoor Account (root) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Netis E1+ 1.2.32533 - Backdoor Account root Author: Besim ALTINOK Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Suppory/downloads/dd/1/img/204 Version: V1.2.32533 Tested on: Netis...
Linux/x86 Egghunter Shellcode (39 bytes)
39 bytes small Linux/x86 egghunter null-free shellcode. The egghunter dynamically searches memory for 2 instances of the egg. When the eggs are found, the egghunter passes execution control to the payload at the memory address of the eggs. // Shellcode Title: Linux/x86 - EggHunter + Null-free 39...
Online shopping system advanced 1.0 - (p) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Online shopping system advanced 1.0 - 'p' SQL Injection Exploit Author : Majid kalantari Vendor Homepage : https://github.com/PuneethReddyHC/online-shopping-system-advanced Software link:...
PHP-Fusion 9.03.50 - (Edit Profile) Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link:...
Linux/x64_86 ROL Encoded Execve Shellcode (57 bytes)
57 bytes small Linux/x64_86 /bin/bash shellcode. The stub decodes the ROL Encoded shellcode. When the stub has finished decoding the payload, execution control is passed to the payload. // Shellcode Title: Linux/x64 - ROL Encoded Execve Shellcode 57 bytes // Shellcode Author: Bobby Cooke // Tested...
Linux/x86 Dynamic MMX+FPU Encoded Add Root User Shellcode (155 bytes)
155 bytes small Linux/x86 shellcode that has an MMX stub decoder that dynamically decodes the payload in memory. The FPU GetPC technique is used to determine the offset from EIP dynamically in running memory. Once decoded, this shellcode adds the user 'ctl' with the password 'ctl' to the /etc/pass...
Docker Desktop Community Edition <= 2.1.0.1 Privilege Escalation Exploit
This Metasploit module leverages a vulnerability in Docker Desktop Community Edition versions prior to 2.1.0.1 where an attacker can write a payload to a lower-privileged area to be executed automatically by the docker user at login. This module requires Metasploit:...
WebKit AudioArray::allocate Data Race / Out-Of-Bounds Access Vulnerability
WebKit: Data race in AudioArray::allocate can lead to OOB access VULNERABILITY DETAILS Source/WebCore/platform/audio/AudioArray.h: void allocateChecked n ... while !isAllocationGood // Initially we try to allocate the exact size, but if it's not aligned // then we'll have to reallocate and from...
Edimax EW-7438RPn 1.13 - Remote Code Execution Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn 1.13 - Remote Code Execution Exploit Author: Besim ALTINOK Vendor Homepage: https://www.edimax.com/edimax/merchandise/merchandisedetail/data/edimax/global/wi-firangeextendersn300/ew-7438rpnmini/ Version:1....
QRadar Community Edition 7.3.1.6 Default Credentials Vulnerability
QRadar Community Edition version 7.3.1.6 is deployed with a default password for the ConfigServices account. Using this default password it is possible to download configuration sets containing sensitive information, including encrypted credentials and host tokens. With these host tokens it is...
QRadar Community Edition 7.3.1.6 CSRF / Weak Access Control Vulnerability
QRadar Community Edition version 7.3.1.6 suffers from cross site request forgery and weak access control vulnerabilities. ------------------------------------------------------------------------ Cross-Site Request Forgery & weak access control in QRadar ConfigServices webservice...
EspoCRM 5.8.5 - Privilege Escalation Vulnerability
Exploit for multiple platform in category web applications Exploit Title: EspoCRM 5.8.5 - Privilege Escalation Author: Besim ALTINOK Vendor Homepage: https://www.espocrm.com Software Link: https://www.espocrm.com/downloads/EspoCRM-5.8.5.zip Version: v5.8.5 Tested on: Xampp Credit: İsmail BOZKURT...
Popcorn Time 6.2 - (Update service) Unquoted Service Path Vulnerability
Exploit Title: Popcorn Time 6.2 - 'Update service' Unquoted Service Path Vendor Homepage: https://getpopcorntime.is Exploit Authors: Uriel Yochpaz & Jonatan Schor Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 6.2.1.14 and probably prior versions Tested on: Windows 10...
Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Exploit
Exploit for java platform in category web applications Exploit Title: Furukawa Electric ConsciusMAP 2.8.1 - Remote Code Execution Vendor Homepage: https://www.tecnoredsa.com.ar Exploit Authors: LiquidWorm Software Link: https://dl.getpopcorntime.is/PopcornTime-latest.exe Version: 2.8.1 CVE : N/A...
QRadar Community Edition 7.3.1.6 Authorization Bypass Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Authorization bypass in QRadar Forensics web application ------------------------------------------------------------------------ Abstract...
QRadar Community Edition 7.3.1.6 PHP Object Injection Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ PHP object injection vulnerability in QRadar Forensics web application ------------------------------------------------------------------------ Abstract...
QRadar Community Edition 7.3.1.6 Path Traversal Vulnerability
QRadar Community Edition version 7.3.1.6 has a path traversal that exists in the session validation functionality. In particular, the vulnerability is present in the part that handles session tokens (UUIDs). QRadar fails to validate if the user-supplied token is in the correct format. Using path...
QRadar Community Edition 7.3.1.6 Server Side Request Forgery Vulnerability
QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation (whitelisting), it is possible for authenticated...
Linux/x64 - Password Protected Bindshell + Null-free Shellcode (272 Bytes)
Exploit Title: Linux/x64 - Password Protected Bindshell + Null-free Shellcode 272 Bytes Exploit Author: Bobby Cooke Tested on: Linux x86_64 SMP Debian 5.3.15-1kali1 SLAE/Student ID: PA-10913 Course: This shellcode was created for the x86_64 Assembly Language and Shellcoding on Linux SLAE64 Course...
QRadar Community Edition 7.3.1.6 Arbitrary Object Instantiation Vulnerability
QRadar Community Edition version 7.3.1.6 is vulnerable to instantiation of arbitrary objects based on user-supplied input. An authenticated attacker can abuse this to perform various types of attacks including server-side request forgery and potentially arbitrary execution of code...
QRadar Community Edition 7.3.1.6 Insecure File Permissions Vulnerability
Exploit for php platform in category web applications ------------------------------------------------------------------------ Local privilege escalation in QRadar due to run-result-reader.sh insecure file permissions ------------------------------------------------------------------------ Abstra...
QRadar Community Edition 7.3.1.6 Cross Site Scripting Vulnerability
QRadar Community Edition version 7.3.1.6 suffers from a reflective cross site scripting vulnerability in the Forensics link analysis page. ------------------------------------------------------------------------ Reflected Cross-Site Scripting in QRadar Forensics link analysis page...
Complaint Management System 4.2 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: Complaint Management System 4.2 - Authentication Bypass Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.2 Tested on: Xampp Credit: İsma...
Edimax EW-7438RPn - Information Disclosure (WiFi Password) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn 1.13 - Information Disclosure WiFi Password Date: 2020-04-21 Exploit Author: Besim ALTINOK Vendor Homepage:...
VB 6.0 Dirlist Object Code Execution Exploit
/ VB 6.0 Dirlist Object Code Execution Author : Hexrain Tutorial Video : https://youtu.be/BLFbUJ4n8hY Twitter : @smashedkernel Greetz : OA Cybersec wornix blacknbunny / import sys try: commandfile = sys.argv1 poc = 'End If\nEnd Sub\nlPtr = Private Type Private Type\nRtlMoveMemory ByVal lPtr, &HE8...
Sky File 2.1.0 iOS - Directory Traversal Vulnerability
Exploit for php platform in category web applications Title: Sky File 2.1.0 iOS - Directory Traversal Date: 2020-04-21 Software Link: https://apps.apple.com/us/app/sky-file-wireless-transfer/id1236452210 CVE: N/A Document Title: =============== Sky File v2.1.0 iOS - Multiple Web Vulnerabilities...
Complaint Management System 4.2 - Cross-Site Request Forgery (Delete User) Vulnerability
Exploit for php platform in category web applications Exploit Title: Complaint Management System 4.2 - Cross-Site Request Forgery Delete User Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.2 Tested on:...
User Management System 2.0 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: User Management System 2.0 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-pane...
Cisco AnyConnect Secure Mobility Client 4.8.01090 Privilege Escalation Vulnerability
Cisco AnyConnect Secure Mobility Client for Windows version 4.8.01090 suffers from a privilege escalation vulnerability due to insecure handling of path names. ------------------------------------------------------------------------ Cisco AnyConnect elevation of privileges due to insecure handling...
Complaint Management System 4.2 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: Complaint Management System 4.2 - Persistent Cross-Site Scripting Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.2 Tested on: Xampp...
User Management System 2.0 - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: User Management System 2.0 - Authentication Bypass Author: Besim ALTINOK Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/user-registration-login-and-user-management-system-with-admin-panel/ Version...
Edimax EW-7438RPn - Cross-Site Request Forgery (MAC Filtering) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: Edimax EW-7438RPn - Cross-Site Request Forgery MAC Filtering Exploit Author: Besim ALTINOK Vendor Homepage:...
Zen Load Balancer 3.10.1 - Directory Traversal Exploit
Exploit for cgi platform in category web applications This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zen Load Balancer Directory Traversal", 'Description' = %q This module exploits a...
AMD Radeon DirectX 11 Driver 8.17.10.0871 Memory Corruption Vulnerability
AMD Radeon DirectX 11 Driver version 8.17.10.0871 suffers from a memory corruption vulnerability. / Title : Advanced Micro Devices, Inc. Radeon DirectX 11 Driver Firefox/MS Edge Memory Corruption Exploit Author : Marcin Ressel Vendor Homepage : https://www.amd.com/ Software Link: n/a Version:...
RM Downloader 3.1.3.2.2010.06.13 - (Load) Buffer Overflow (SEH) Exploit
Exploit Title: RM Downloader 3.1.3.2.2010.06.13 - 'Load' Buffer Overflow SEH Author: Felipe Winsnes Version: 3.1.3.2.2010.06.13 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the python script, it will create a new file "poc.txt" 2.- Copy the content of the new file 'poc.txt' to clipboard 3.-...
Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Exploit
Title: Neowise CarbonFTP 1.4 - Insecure Proprietary Password Encryption Author: hyp3rlinx Vendor: CVE: CVE-2020-6857 import time, string, sys, argparse, os, codecs Fixed: updated for Python 3, the hex decode function was not working in Python 3 version. This should be compatible for Python 2 and ...
Windows/x86 - MSVCRT System + Add RDP Admin + Disable Firewall + Enable RDP Shellcode (644 Bytes)
644 bytes small Microsoft Windows x86 shellcode that disables the Windows firewall, adds the user MajinBuu with password TurnU2C@ndy!! to the system, adds the user MajinBuu to the local groups Administrators and Remote Desktop Users, and then enables the RDP Service. Exploit Title: Windows/x86 -...
NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit
Exploit for jsp platform in category web applications Exploit Title: NSClient++ 0.5.2.35 - Authenticated Remote Code Execution Exploit Author: kindredsec Vendor Homepage: https://nsclient.org/ Software Link: https://nsclient.org/download/ Version: 0.5.2.35 Tested on: Microsoft Windows 10 Pro x64...
Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Exploit
Title: Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation Author: Marco Ivaldi Vendor: www.oracle.com CVE: CVE-2020-2944 / raptorsdtcmconv.c - CDE sdtcmconvert LPE for Solaris/Intel Copyright c 2019-2020 Marco Ivaldi A buffer overflow in the SanityCheck function in the...
IQrouter 3.3.1 Firmware - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: IQrouter 3.3.1 Firmware - Remote Code Execution Exploit Author: drakylar Vendor Homepage: https://evenroute.com/ Software Link: https://evenroute.com/iqrouter Version: IQrouter firmware up to 3.3.1 Tested on: IQrouter...
Spiderman2 Game - Buffer Overflow Exploit
Exploit Title: Spiderman2 - Buffer Overflow Exploit Author: HexraiN Vendor Homepage: https://www.mobygames.com/company/fizz-factor Software Link: https://www.mobygames.com/game/spider-man-2-the-game Version: 2.1.1 Tested on: Windows 10 x64 Greetz : OA Cybersecurity Labs Twitter : @smashedkernel 1...
CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: CSZ CMS 1.2.7 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.cszcms.com/ Software Link: https://sourceforge.net/projects/cszcms/ Version: v1.2.7 Description: Unauthorized user...
P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery Add Admin Google Dork:jizhicms Exploit Author: iej1ctk1g Product web page: https://www.p5.hu Affected version: 1.0.20, 1.0.11 CVE : N/A !-- P5 FNIP-8x16A/FNIP-4xSH...
IBM Data Risk Manager Authentication Bypass / Command Injection / File Download Exploit
IBM Data Risk Manager suffers from authentication bypass, command injection, insecure default password, and arbitrary file download vulnerabilities. Multiple Vulnerabilities in IBM Data Risk Manager By Pedro Ribeiro from Agile Information Security Disclosure Date: 21/04/2020 | Las...
Sysaid 20.1.11 b26 Remote Command Execution Vulnerability
Sysaid version 20.1.11 b26 suffers from an AJP13 remote command execution vulnerability. Exploit Title: Sysaid 20.1.11 b26 - Remote Command Execution Google Dork: intext:"Help Desk Software by SysAid " Exploit Author: Ahmed Sherif Vendor Homepage: https://www.sysaid.com/free-help-desk-software...