exploit the possibilities
Showing 1 - 25 of 46,265 RSS Feed

Exploit Files

TP-Link Cloud Cameras NCXXX Bonjour Command Injection
Posted Sep 18, 2020
Authored by Pietro Oliva | Site metasploit.com

TP-Link cloud cameras NCXXX series (NC200, NC210, NC220, NC230, NC250, NC260, NC450) are vulnerable to an authenticated command injection vulnerability. In all devices except NC210, despite a check on the name length in swSystemSetProductAliasCheck, no other checks are in place in order to prevent shell metacharacters from being introduced. The system name would then be used in swBonjourStartHTTP as part of a shell command where arbitrary commands could be injected and executed as root. NC210 devices cannot be exploited directly via /setsysname.cgi due to proper input validation. NC210 devices are still vulnerable since swBonjourStartHTTP did not perform any validation when reading the alias name from the configuration file. The configuration file can be written, and code execution can be achieved by combining this issue with CVE-2020-12110.

tags | exploit, arbitrary, shell, cgi, root, code execution
advisories | CVE-2020-12109
MD5 | 65581bfcfd69f6bd2c8b8917eda921c4
Navy Federal Cross Site Scripting
Posted Sep 18, 2020
Authored by Arthrocyber

The Navy Federal site at navyfederal.org suffered from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 455aedc855366fcbd0be7206169b22fc
Mantis Bug Tracker 2.3.0 Remote Code Execution
Posted Sep 18, 2020
Authored by Nikolas Geiselman

Mantis Bug Tracker version 2.3.0 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2017-7615, CVE-2019-15715
MD5 | b8224e074922b7417247b27948ca6d30
SpamTitan 7.07 Remote Code Execution
Posted Sep 18, 2020
Authored by Felipe Molina

SpamTitan version 7.07 suffers from an authenticated remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-11699, CVE-2020-11700, CVE-2020-11803, CVE-2020-11804
MD5 | ca2b9bc9d086483e304d942fc84321d8
D-Link DGS-1210-28 Denial Of Service
Posted Sep 18, 2020
Authored by Saeed reza Zamanian

D-Link DGS-1210-28 suffers from a denial of service vulnerability.

tags | exploit, denial of service
MD5 | 280f38f62e0191ec43d18f200e5f7ae7
Microsoft Spooler Local Privilege Elevation
Posted Sep 17, 2020
Authored by bwatters-r7, shubham0d, Yarden Shafir, Alex Ionescu | Site metasploit.com

This exploit leverages a file write vulnerability in the print spooler service which will restart if stopped. Because the service cannot be stopped long enough to remove the dll, there is no way to remove the dll once it is loaded by the service. Essentially, on default settings, this module adds a permanent elevated backdoor.

tags | exploit
advisories | CVE-2020-1048
MD5 | dfa46dafd7f5bbc3e8f526a18d5976b2
Microsoft SQL Server Reporting Services 2016 Remote Code Execution
Posted Sep 17, 2020
Authored by West Shepherd

Microsoft SQL Server Reporting Services 2016 suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
advisories | CVE-2020-0618
MD5 | ce6d37b9f76993c4ef670912502b7095
Microsoft Exchange Server DlpUtils AddTenantDlpPolicy Remote Code Execution
Posted Sep 17, 2020
Authored by mr_me, wvu | Site metasploit.com

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Exchange Server. Authentication is required to exploit this vulnerability. Additionally, the target user must have the "Data Loss Prevention" role assigned and an active mailbox. If the user is in the "Compliance Management" or greater "Organization Management" role groups, then they have the "Data Loss Prevention" role. Since the user who installed Exchange is in the "Organization Management" role group, they transitively have the "Data Loss Prevention" role. The specific flaw exists within the processing of the New-DlpPolicy cmdlet. The issue results from the lack of proper validation of user-supplied template data when creating a DLP policy. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Tested against Exchange Server 2016 CU14 on Windows Server 2016.

tags | exploit, remote, arbitrary
systems | windows
advisories | CVE-2020-16875
MD5 | 4817f312503fe0d215155d229b4a3b48
Mida Solutions eFramework ajaxreq.php Command Injection
Posted Sep 16, 2020
Authored by Brendan Coles, elbae | Site metasploit.com

This Metasploit module exploits a command injection vulnerability in Mida Solutions eFramework version 2.9.0 and prior. The ajaxreq.php file allows unauthenticated users to inject arbitrary commands in the PARAM parameter to be executed as the apache user. The sudo configuration permits the apache user to execute any command as root without providing a password, resulting in privileged command execution as root. This module has been successfully tested on Mida Solutions eFramework-C7-2.9.0 virtual appliance.

tags | exploit, arbitrary, root, php
advisories | CVE-2020-15920
MD5 | 1b7215ff6d3355202c2e796fb94a2cac
1CRM 8.6.7 Insecure Direct Object Reference
Posted Sep 16, 2020
Authored by Andreas Sperber

1CRM versions 8.6.7 and below suffer from an insecure direct object reference vulnerability.

tags | exploit
advisories | CVE-2020-15958
MD5 | 664d037a79e2d8723d7d5d4b3092e00b
Acronis Cyber Backup 12.5 Build 16341 Server-Side Request Forgery
Posted Sep 16, 2020
Authored by Julien Ahrens | Site rcesecurity.com

Acronis Cyber Backup version 12.5 Build 16341 suffers from a server-side request forgery vulnerability.

tags | exploit
advisories | CVE-2020-16171
MD5 | 91fb344eebf7d5d7a6562e49e011ffc4
Piwigo 2.10.1 Cross Site Scripting
Posted Sep 16, 2020
Authored by Iridium

Piwigo version 2.10.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2020-9467
MD5 | 90f9620f90a6434b4de66b7345b64f84
Zerologon Proof Of Concept
Posted Sep 16, 2020
Authored by Tom Tervoort, _dirkjan

Proof of concept exploit for the Windows Zerologon vulnerability as noted in CVE-2020-1472. By default, it changes the password of the domain controller account.

tags | exploit, proof of concept
systems | windows
advisories | CVE-2020-1472
MD5 | 1d075193b9c51dbeb9ca38bebe03fe52
ThinkAdmin 6 Arbitrary File Read
Posted Sep 15, 2020
Authored by Hzllaga

ThinkAdmin version 6 suffers from an arbitrary file read vulnerability.

tags | exploit, arbitrary
advisories | CVE-2020-25540
MD5 | 32b0ce662805c15820a8b2d9289a212c
Tailor MS 1.0 Cross Site Scripting
Posted Sep 15, 2020
Authored by Bobby Cooke, hyd3sec

Tailor MS version 1.0 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 8b140ec9d3e79e50039c0fd163119144
Joomla! paGO Commerce 2.5.9.0 SQL Injection
Posted Sep 14, 2020
Authored by Mehmet Kelepce

Joomla! paGO Commerce component 2.5.9.0 suffers from an authenticated remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | b263454605d8c97245dabcd00bf58c76
Pearson Vue VTS 2.3.1911 Unquoted Service Path
Posted Sep 14, 2020
Authored by JOK3R

The installer in Pearson Vue VTS version 2.3.1911 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | c5bf08275d53520a31d70d779914ae2a
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Request Forgery
Posted Sep 14, 2020
Authored by Uriel Yochpaz, Jonatan Schor

RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
MD5 | 726c088a7cfd8991d27d84005f12a9d7
Rapid7 Nexpose Installer 6.6.39 Unquoted Service Path
Posted Sep 14, 2020
Authored by Angelo D'Amato

Rapid7 Nexpose Installer version 6.6.39 suffers from an unquoted service path vulnerability.

tags | exploit
MD5 | 779582d9267975b0b34cb162ca6ceded
RAD SecFlow-1v SF_0290_2.3.01.26 Cross Site Scripting
Posted Sep 14, 2020
Authored by Uriel Yochpaz, Jonatan Schor

RAD SecFlow-1v version SF_0290_2.3.01.26 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
MD5 | db0937fcd3284d7891614e99c1b9a8a9
Linux expand_downwards() / munmap() Race Condition
Posted Sep 14, 2020
Authored by Jann Horn, Google Security Research

A race condition exists with munmap() downgrades in Linux kernel versions since 4.20.

tags | exploit, kernel
systems | linux
MD5 | af84b28deac71be6c5fa63ed3e242c89
Microsoft Windows Finger Security Bypass / C2 Channel
Posted Sep 14, 2020
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

Microsoft Windows TCPIP Finger Command finger.exe that ships with the OS, can be used as a file downloader and makeshift C2 channel. Legitimate use of Windows Finger Command is to send Finger Protocol queries to remote Finger daemons to retrieve user information. However, the finger client can also save the remote server response to disk using the command line redirection operator.

tags | exploit, remote, protocol
systems | windows
MD5 | cf1c7a658300820f34037e5d7395ac66
DnsAdmin ServerLevelPluginDll Feature Abuse Privilege Escalation
Posted Sep 11, 2020
Authored by Imran Dawoodjee, Shay Ber | Site metasploit.com

This Metasploit module exploits a feature in the DNS service of Windows Server. Users of the DnsAdmins group can set the ServerLevelPluginDll value using dnscmd.exe to create a registry key at HKLM\SYSTEM\CurrentControlSet\Services\DNS\Parameters\ named ServerLevelPluginDll that can be made to point to an arbitrary DLL.

tags | exploit, arbitrary, registry
systems | windows
MD5 | a9fb3457e349592a8a89e98cdf5e1403
VTENEXT 19 CE Remote Code Execution
Posted Sep 11, 2020
Authored by Marco Ruela

VTENEXT 19 CE suffers from a remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | 7e1925aab1a49335535c175d97fc5fba
Tea LaTex 1.0 Remote Code Execution
Posted Sep 11, 2020
Authored by nepska

Tea LaTex version 1.0 suffers from an unauthenticated remote code execution vulnerability.

tags | exploit, remote, code execution
MD5 | eacc96ce287373be9a31e4ae72cf492b
Page 1 of 1,851
Back12345Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    12 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close