Результаты поиска

Codiad 2.8.4 - Remote Code Execution (Authenticated) # Exploit Title: Codiad 2.8.4 - Remote Code Execution (Authenticated) # Discovery by: WangYihang # Vendor Homepage: http://codiad.com/ # Software Links : https://github.com/Codiad/Codiad/releases # Tested Version: Version: 2.8.4 # CVE...

VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS # Title: VestaCP 0.9.8 - 'v_interface' Add IP Stored XSS # Date: 07.03.2021 # Author: Numan Türle # Vendor Homepage: https://vestacp.com # Software Link: https://myvestacp.com < 0.9.8-26-43 # Software Link: https://vestacp.com < 0.9.8-26 # Tested...

Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj <</Pages 1 0 R /OpenAction 2 0 R>> 2 0 obj <</S /JavaScript /JS ( /* Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley (mr_me) of Source Incite Date: 22/06/2018...

KVM (Nested Virtualization) - L1 Guest Privilege Escalation When KVM (on Intel) virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM (which trigger a VM exit and are emulated by L0 KVM) are coming from ring 0. For code running on bare metal or VMX...

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2) # Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution # Date: 2018-06-21 # Exploit Author: VulnSpy # Vendor Homepage: http://www.phpmyadmin.net # Software Link...

Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure # Exploit Title: Sonlogger 4.2.3.3 - SuperAdmin Account Creation / Information Disclosure # Date: 04-02-2021 # Exploit Author: Berkan Er # Vendor Homepage: https://www.sonlogger.com/ # Version: 4.2.3.3 # Tested on...

SonLogger 4.2.3.3 - Unauthenticated Arbitrary File Upload (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...

Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Windows: Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 (not tested earlier version) Class: Elevation of Privilege Summary: The handling...

Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2) # Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2) # Author: 1F98D # Original Authors: Craig Freyman (cd1zz) and Gerardo Iglesias Galvan (iglesiasgg) # Tested on Windows 10 (x64) # # A buffer overflow exists in GoldenFTP during the...

phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1) The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip The problem appears in /index.php Find 55~63 lines Line 61 contains include $_REQUEST['target']; This is obviously LFI...

Zen Cart 1.5.7b - Remote Code Execution (Authenticated) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## ### # # # This exploit write payload in database and trig to command # a bug in an zencart v1.5.7b...

Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 (not tested RS4) Class: Elevation of Privilege Summary: The activator for Desktop Bridge...

AnyDesk 5.5.2 - Remote Code Execution # Exploit Title: AnyDesk 5.5.2 - Remote Code Execution # Date: 09/06/20 # Exploit Author: scryh # Vendor Homepage: https://anydesk.com/en # Version: 5.5.2 # Tested on: Linux # Walkthrough: https://devel0pment.de/?p=1881 #!/usr/bin/env python import struct...

FortiLogger 4.4.2.2 - Unauthenticated Arbitrary File Upload (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking include...

WiFi Mouse 1.7.8.5 - Remote Code Execution # Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution # Date: 25-02-2021 # Author: H4rk3nz0 # Vendor Homepage: http://necta.us/ # Software Link: http://wifimouse.necta.us/#download # Version: 1.7.8.5 # Tested on: Windows Enterprise Build 17763...

Apache CouchDB < 2.1.0 - Remote Code Execution # Title: Apache CouchDB < 2.1.0 - Remote Code Execution # Author: Cody Zacharias # Shodan Dork: port:5984 # Vendor Homepage: http://couchdb.apache.org/ # Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ # Version: <= 1.7.0 and...

Unified Remote 3.9.0.2463 - Remote Code Execution # Exploit Title: Unified Remote 3.9.0.2463 - Remote Code Execution # Author: H4rk3nz0 # Vendor Homepage: https://www.unifiedremote.com/ # Software Link: https://www.unifiedremote.com/download # Tested on: Windows 10, 10.0.19042 Build 19042...

SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC) # Exploit Title: SpotAuditor 5.3.5 - 'multiple' Denial Of Service (PoC) # Exploit Author : Sinem Şahin # Exploit Date: 2021-02-10 # Vendor Homepage : http://www.nsauditor.com/ # Link Software ...

Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) # Exploit Title: Product Key Explorer 4.2.7 - 'multiple' Denial of Service (PoC) # Exploit Author : Sinem Şahin # Exploit Date: 2021-02-23 # Vendor Homepage : http://www.nsauditor.com/ # Link Software ...

glibc - 'realpath()' Privilege Escalation (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = NormalRanking include Msf::Post::File...

DHCP Client - Command Injection 'DynoRoot' (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2) # Exploit Title: Openlitespeed WebServer 1.7.8 - Command Injection (Authenticated) (2) # Date: 26/1/2021 # Exploit Author: Metin Yunus Kandemir # Discovered by: cmOs - SunCSR # Vendor Homepage: https://openlitespeed.org/ #...

SmartFoxServer 2X 2.17.0 - Credentials Disclosure # Exploit Title: SmartFoxServer 2X 2.17.0 - Credentials Disclosure # Date: 29.01.2021 # Exploit Author: LiquidWorm # Vendor Homepage: https://www.smartfoxserver.com SmartFoxServer 2X 2.17.0 Credentials Disclosure Vendor: gotoAndPlay()...

Millewin 13.39.146.1 - Local Privilege Escalation # Exploit Title: Millewin 13.39.146.1 - Local Privilege Escalation # Date: 2021-02-07 # Author: Andrea Intilangelo # Vendor Homepage: https://www.millewin.it # Software Homepage: https://www.millewin.it/index.php/prodotti/millewin # Software...

Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 (not tested other versions) Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by...