Search results

  1. Exploiter

    Exploit PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit)

    PlaySMS - 'import.php' (Authenticated) CSV File Upload Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  2. Exploiter

    Exploit PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit)

    PlaySMS 1.4 - 'sendfromfile.php?Filename' (Authenticated) 'Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank =...
  3. Exploiter

    Exploit Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit)

    Mantis Bug Tracker 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  4. Exploiter

    Exploit Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)

    Microsoft Windows WMI - Recieve Notification Exploit (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core/post/windows/reflective_dll_injection' class MetasploitModule <...
  5. Exploiter

    Exploit FTPShell Client 6.7 - Buffer Overflow

    FTPShell Client 6.7 - Buffer Overflow # -*- coding: utf-8 -*- # Exploit Title: FTPShell Client 6.7 - Remote Buffer Overflow # Date: 2018-01-03 # Exploit Author: Sebastián Castro @r4wd3r # Vendor Homepage: http://www.ftpshell.com/index.htm # Software Link: http://www.ftpshell.com/download.htm...
  6. Exploiter

    Exploit Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit)

    Palo Alto Networks - 'readSessionVarsFromFile()' Session Corruption (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  7. Exploiter

    Exploit Metasploit Framework - 'msfd' Remote Code Execution (Metasploit)

    Metasploit Framework - 'msfd' Remote Code Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  8. Exploiter

    Exploit Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection

    Apache Struts2 2.0.0 < 2.3.15 - Prefixed Parameters OGNL Injection CVE Number: CVE-2013-2251 Title: Struts2 Prefixed Parameters OGNL Injection Vulnerability Affected Software: Apache Struts v2.0.0 - 2.3.15 Credit: Takeshi Terada of Mitsui Bussan Secure...
  9. Exploiter

    Exploit Google Chrome V8 - Object Allocation Size Integer Overflow

    Google Chrome V8 - Object Allocation Size Integer Overflow There's an integer overflow in computing the required allocation size when instantiating a new javascript object. See the following code in objects.cc // static bool JSFunction::CalculateInstanceSizeForDerivedClass(...
  10. Exploiter

    Exploit CuteNews 2.1.2 - Remote Code Execution

    CuteNews 2.1.2 - Remote Code Execution # Exploit Title: CuteNews 2.1.2 - Remote Code Execution # Google Dork: N/A # Date: 2020-09-10 # Exploit Author: Musyoka Ian # Vendor Homepage: https://cutephp.com/cutenews/downloading.php # Software Link: https://cutephp.com/cutenews/downloading.php #...
  11. Exploiter

    Exploit Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass

    Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass #!/usr/bin/env ruby ## Title: Bludit 3.9.2 - Authentication Bruteforce Mitigation Bypass ## Author: noraj (Alexandre ZANNI) ## Author website: https://pwn.by/noraj/ ## Date: 2020-08-16 ## Vendor Homepage: https://www.bludit.com/ ##...
  12. Exploiter

    Exploit xdebug < 2.5.5 - OS Command Execution (Metasploit)

    xdebug < 2.5.5 - OS Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...
  13. Exploiter

    Exploit Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit)

    Metasploit Framework - 'msfd' Remote Code Execution (via Browser) (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = NormalRanking...
  14. Exploiter

    Exploit Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules

    Apple macOS 10.13.2 - Double mach_port_deallocate in kextd due to Failure to Comply with MIG Ownership Rules Here's a kextd method exposed via MIG (com.apple.KernelExtensionServer) kern_return_t _kextmanager_unlock_kextload( mach_port_t server, mach_port_t client) {...
  15. Exploiter

    Exploit Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules

    Apple macOS/iOS - ReportCrash mach port Replacement due to Failure to Respect MIG Ownership Rules /* ReportCrash is the daemon responsible for making crash dumps of crashing userspace processes. Most processes can talk to ReportCrash via their exception ports (either task or host level.) You...
  16. Exploiter

    Exploit WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free

    WebKit - 'WebCore::jsElementScrollHeightGetter' Use-After-Free <!-- There is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of Revision 227958 on OSX. PoC (Note: It might take multiple refreshes for the issue to be triggered)...
  17. Exploiter

    Exploit Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit)

    Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...
  18. Exploiter

    Exploit WordPress Plugin Form Maker 1.12.20 - CSV Injection

    WordPress Plugin Form Maker 1.12.20 - CSV Injection # Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to Formula Injection (CSV Injection) # Google Dork: N/A # Date: 27-04-2018 ################################ # Exploit Author: Jetty Sairam...
  19. Exploiter

    Exploit Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root

    Nagios XI 5.2.6 < 5.2.9 / 5.3 / 5.4 - Chained Remote Root # Exploit Title: Nagios XI 5.2.[6-9], 5.3, 5.4 Chained Remote Root # Date: 4/17/2018 # Exploit Authors: Benny Husted, Jared Arave, Cale Smith # Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted ||...
  20. Exploiter

    Exploit GitList 0.6 - Remote Code Execution

    GitList 0.6 - Remote Code Execution ''' # Exploit Title: GitList 0.6 Unauthenticated RCE # Date: 25-04-2018 # Software Link: https://github.com/klaussilveira/gitlist # Exploit Author: Kacper Szurek # Contact: https://twitter.com/KacperSzurek # Website: https://security.szurek.pl/ # Category...
  21. Exploiter

    Exploit Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution

    Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution # -*- coding: utf-8 -*- # Oracle Weblogic Server (10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3) Deserialization Remote Command Execution Vulnerability (CVE-2018-2628) # # IMPORTANT: Is...
  22. Exploiter

    Exploit Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution

    Apache Struts 2.0.1 < 2.3.33 / 2.5 < 2.5.10 - Arbitrary Code Execution import requests import sys from urllib import quote def exploit(url): res = requests.get(url, timeout=10) if res.status_code == 200: print "[+] Response: {}".format(str(res.text)) print "\n[+]...
  23. Exploiter

    Exploit Chrome V8 JIT - 'AwaitedPromise' Update Bug

    Chrome V8 JIT - 'AwaitedPromise' Update Bug /* Here's a snippet of AsyncGeneratorReturn. (https://cs.chromium.org/chromium/src/v8/src/builtins/builtins-async-generator-gen.cc?rcl=bcd1365cf7fac0d7897c43b377c143aae2d22f92&l=650) Node* const context = Parameter(Descriptor::kContext); Node*...
  24. Exploiter

    Exploit Chrome V8 JIT - Arrow Function Scope Fixing Bug

    Chrome V8 JIT - Arrow Function Scope Fixing Bug /* When the parser parses the parameter list of an arrow function containing destructuring assignments, it can't distinguish whether the assignments will be actually in the parameter list or just assignments until it meets a "=>" token. So it...
  25. Exploiter

    Exploit Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC)

    Drupal < 7.58 - 'Drupalgeddon3' (Authenticated) Remote Code Execution (PoC) This is a sample of exploit for Drupal 7 new vulnerability SA-CORE-2018-004 / CVE-2018-7602. You must be authenticated and with the power of deleting a node. Some other forms may be vulnerable : at least, all of forms...