Jump to content

Welcome to LeVeL23HackTools

Welcome to LeVeL23HackTools, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of LeVeL23HackTools by signing in or creating an account.

  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.

  • Announcements

    • dEEpEst

      RESTRICTIONS ON DOWNLOADS   10/17/2018

      You can download 5 files a day, if you want to make unlimited downloads you must buy PRIV8, you will have access to all the parts of the forum and you will be able to download unlimitedly without restrictions for a lifetime.

1337day-Exploits

LvL-23
  • Content count

    5,656
  • Avg. Content Per Day

    2
  • Joined

  • Last visited

  • Days Won

    1

Everything posted by 1337day-Exploits

  1. Facebook And Google Reviews System For Businesses version 1.1 suffers from a code execution vulnerability. View the full article
  2. Facebook And Google Reviews System For Businesses version 1.1 suffers from a remote SQL injection vulnerability. View the full article
  3. GNU inetutils versions 1.9.4 and below are vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escape restricted shells on embedded devices. Most modern browsers no longer support telnet:// handlers, but in instances where URI handlers are enabled to the inetutils telnet client this issue maybe remotely triggerable. A stack-based overflow is present in the handling of environment variables when connecting telnet.c to remote telnet servers through oversized DISPLAY arguments. A heap-overflow is also present which can be triggered in a different code path due to supplying oversized environment variables during client connection code. View the full article
  4. An exploitable arbitrary file creation weakness has been identified in Mikrotik RouterOS that can be leveraged by a malicious attacker to exploit all known versions of Mikrotik RouterOS. The RouterOS contains a telnet client based on GNU inetutils with modifications to remove shell subsystem. However an attacker can leverage the "set tracefile" option to write an arbitrary file into any "rw" area of the filesystem, escaping the restricted shell to gain access to a "ash" busybox shell on some versions. The file is created with root privileges regardless of the RouterOS defined group. View the full article
  5. Huawei Router HG532e command execution exploit. View the full article
  6. Angry IP Scanner version 3.5.3 denial of service proof of concept exploit. View the full article
  7. Facebook And Google Reviews System For Business version 1.0 suffers from a cross site request forgery vulnerability. View the full article
  8. Zortam MP3 Media Studio version 24.15 SEH local buffer overflow exploit. View the full article
  9. Responsive FileManager version 9.13.4 suffers from bypass, cross site scripting, remote file read, remote file write, and traversal vulnerabilities. View the full article
  10. Cisco RV110W suffers from password disclosure and command execution vulnerabilities. View the full article
  11. UltraISO version 9.7.1.3519 Output FileName denial of service proof of concept exploit. View the full article
  12. Double Your Bitcoin Script Automatic 2018 suffers from a remote SQL injection vulnerability that allows for authentication bypass. View the full article
  13. This Metasploit module exploits a type confusion bug in the Javascript Proxy object in WebKit. The DFG JIT does not take into account that, through the use of a Proxy, it is possible to run arbitrary JS code during the execution of a CreateThis operation. This makes it possible to change the structure of e.g. an argument without causing a bailout, leading to a type confusion. View the full article
  14. Exploits Windows UAC Protection Bypass

    This Metasploit module modifies a registry key, but cleans up the key once the payload has been invoked. The module does not require the architecture of the payload to match the OS. View the full article
  15. Exploits WebDAV Server Serving DLL

    This Metasploit module simplifies the rundll32.exe Application Whitelisting Bypass technique. The module creates a webdav server that hosts a dll file. When the user types the provided rundll32 command on a system, rundll32 will load the dll remotely and execute the provided export function. The export function needs to be valid, but the default meterpreter function can be anything. The process does write the dll to C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\TfsStore\Tfs_DAV but does not load the dll from that location. This file should be removed after execution. The extension can be anything you'd like, but you don't have to use one. Two files will be written to disk. One named the requested name and one with a dll extension attached. View the full article
  16. Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability related to extracting local and ldap users. View the full article
  17. Fortify Software Security Center versions 17.10, 17.20, and 18.10 suffer from an insecure direct object reference vulnerability. View the full article
  18. When the WordPress plugin Snap Creek Duplicator restores a backup, it leaves dangerous files in the filesystem such as installer.php and installer-backup.php. These files allow anyone to call a function that overwrite the wp-config.php file AND this function does not sanitize POST parameters before inserting them inside the wp-config.php file, leading to arbitrary PHP code execution. WARNING: This exploit WILL break the wp-config.php file. If possible try to restore backups of the configuration after the exploit to make the WordPress site work again. View the full article
  19. Exploits HotelDruid 2.3 SQL Injection

    HotelDruid version 2.3 suffers from a remote SQL injection vulnerability. View the full article
  20. Apache OFBiz version 16.11.05 suffers from a cross site scripting vulnerability. View the full article
  21. WordPress AutoSuggest plugin version 0.24 suffers from a remote SQL injection vulnerability. View the full article
  22. ThinkPHP versions prior to 5.0.23 and prior to 5.1.31 suffer from a remote code execution vulnerability. View the full article
  23. Huawei B315s-22 suffers from an information disclosure vulnerability. View the full article
  24. Adobe ColdFusion 2018 suffers from a remote shell upload vulnerability. View the full article
  25. TP-Link Archer C1200 suffers from a cross site scripting vulnerability. View the full article
×