Результаты поиска

Netartmedia Real Estate Portal 5.0 - SQL Injection # Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection # Date: 19.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://www.netartmedia.net/realestate/ # Demo Site...

BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'zlib' class MetasploitModule < Msf::Exploit::Remote Rank =...

GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution #!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts ' ___. .__ ' puts ' ____ ___ ________ \_ |__ | | __ __ ____ '...

Netartmedia Event Portal 2.0 - 'Email' SQL Injection # Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection # Date: 19.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://www.netartmedia.net/eventportal/ # Demo Site: https://www.phpscriptdemos.com/events/ #...

Attacking RDP - How to Eavesdrop on Poorly Secured RDP Connections 41621.pdf

Adobe Flash - AVC Header Slicing Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1017 There is a heap overflow in AVC header slicing. To reproduce the issue, put the attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=slice.flv Proof of...

IBM WebSphere - RCE Java Deserialization (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking include...

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - 'Jakarta' Multipart Parser OGNL Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule <...

Adobe Flash - ATF Thumbnailing Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes an overflow in heap thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of...

Adobe Flash - ATF Planar Decompression Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1016 The attached file causes heap corruption when decompressing a planar block. To reproduce the issue, but both attached files on a server and visit...

WinRAR 5.61 - Path Traversal #!/usr/bin/env python3 import os import re import zlib import binascii # The archive filename you want rar_filename = "test.rar" # The evil file you want to run evil_filename = "calc.exe" # The decompression path you want, such shown below target_filename =...

Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012) /* Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an...

Adobe Flash - Metadata Parsing Out-of-Bounds Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1005 The attached file causes an out-of-bounds read when its metadata is parsed Proof of Concept...

Adobe Flash - MovieClip Attach init Object Use-After-Free Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1006 The attached file causes a use-after-free in attaching a MovieClip and applying the init object. Proof of Concept...

Netgear R7000 / R6400 - 'cgi-bin' Command Injection (Metasploit) ## # This module requires Metasploit: http://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'msf/core' class MetasploitModule < Msf::Exploit::Remote Rank =...

elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote Rank = ExcellentRanking...

Apache Tika-server < 1.18 - Command Injection ###################################################################################################### #Description: This is a PoC for remote command execution in Apache Tika-server. # #Versions Affected: Tika-server versions <...

CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload #!/usr/bin/env python # Exploit Title: CMS Made Simple (authenticated) arbitrary file upload in Showtime2 module # Date: March 2019 # Exploit Author: Daniele Scanu @ Certimeter Group # Vendor Homepage...

MobaXterm Personal Edition 9.4 - Directory Traversal [+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt [+] ISR: ApparitionSec Vendor...

Microsoft Windows - '.reg' File / Dialog Box Message Spoofing [+] Credits: John Page (aka hyp3rlinx) [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt [+] ISR: ApparitionSec...

Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access...

Drupal < 8.5.11 / < 8.6.10 - RESTful Web Services unserialize() Remote Command Execution (Metasploit) ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Remote #...

Apache Struts 2.3.5 < 2.3.31 / 2.5 < 2.5.10 - Remote Code Execution #!/usr/bin/python # -*- coding: utf-8 -*- import urllib2 import httplib def exploit(url, cmd): payload = "%{(#_='multipart/form-data')." payload += "(#[email protected]@DEFAULT_MEMBER_ACCESS)." payload +=...

FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery <!-- [+] Credits: John Page AKA hyp3rlinx [+] Website: hyp3rlinx.altervista.org [+] Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt [+] ISR: ApparitionSec Vendor...

Drupal 7.x Module Services - Remote Code Execution # Exploit Title: Drupal 7.x Services Module Remote Code Execution # Vendor Homepage: https://www.drupal.org/project/services # Exploit Author: Charles FOL # Contact: https://twitter.com/ambionics # Website...