Search the Community

Showing results for tags 'Exploits'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Cracking Zone
    • Cracking Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Premium Accounts
    • Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Cracking Zone PRIV8
    • Cracking Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Location


Interests


Occupation


TeamViewer


Tox

Found 2,365 results

  1. This Metasploit module exploits a vulnerability found in Cisco Prime Infrastructure. The issue is that the TarArchive Java class the HA Health Monitor component uses does not check for any directory traversals while unpacking a Tar file, which can be abused by a remote user to leverage the UploadServlet class to upload a JSP payload to the Apache Tomcat's web apps directory, and gain arbitrary remote code execution. Note that authentication is not required to exploit this vulnerability. View the full article
  2. This Metasploit modules exploits a vulnerability in Cisco Prime Infrastructure's runrshell binary. The runrshell binary is meant to execute a shell script as root, but can be abused to inject extra commands in the argument, allowing you to execute anything as root. View the full article
  3. BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from theme Cookie directory traversal and remote code execution vulnerabilities. View the full article
  4. BlogEngine.NET versions 3.3.6 and 3.3.7 suffer from dirPath directory traversal and remote code execution vulnerabilities. View the full article
  5. BlogEngine.NET versions 3.3.7 and earlier are vulnerable to two separate directory traversal issues that can lead to remote code execution. View the full article
  6. Sahi Pro version 8.x suffers from a cross site scripting vulnerability. View the full article
  7. 1337day-Exploits

    Exploits Sahi Pro 8.x SQL Injection

    Sahi Pro version 8.x suffers from a remote SQL injection vulnerability. View the full article
  8. Sahi Pro versions 7.x and 8.x suffer from a directory traversal vulnerability. View the full article
  9. Serv-U FTP Server version 15.1.6 suffers from a local privilege escalation vulnerability. View the full article
  10. Exim versions 4.87 through 4.91 suffer from a local privilege escalation vulnerability. View the full article
  11. 1337day-Exploits

    Exploits Netperf 2.6.0 Buffer Overflow

    Netperf version 2.6.0 suffers from a stack-based buffer overflow. View the full article
  12. This Metasploit module exploits a command execution vulnerability in AROX School-ERP. "import_stud.php" and "upload_fille.php" do not have session control. Session start/check functions in Line 8,9,10 are disabled with slashes. Therefore an unauthenticated user can execute the command on the system. View the full article
  13. The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS if attackers can reach the service on port 8794. In addition this can potentially be leveraged for post exploit persistence with SYSTEM privileges, if physical access or malware is involved. If a physical attacker or malware can set its own program for the service failure recovery options, it can be used to maintain persistence. Afterwards, it can be triggered by sending a malicious request to DoS the service, which in turn can start the attackers recovery program. The attackers program can then try restarting the affected service to try an stay unnoticed by calling "sc start HCServerService". Services failure flag recovery options for "enabling actions for stops or errors" and can be set in the services "Recovery" properties tab or on the command line. Authentication is not required to reach the vulnerable service, this was tested successfully on Windows 7/10. View the full article
  14. When a Microsoft Word ".docx" File contains a hyperlink to another file, it will run the first file it finds in that directory with a valid extension. But will present to the end user an extension-less file in its Security warning dialog box without showing the extension type. If another "empty" file of the same name as the target executable exists but has no file extension. Because the extension is suppressed it makes the file seem harmless and the file can be masked to appear as just a folder etc. This can potentially trick user into running unexpected code, but will only work when you have an additional file of same name with NO extension on it. View the full article
  15. Spring Security OAuth versions 2.3 prior to 2.3.6 suffer from open redirection vulnerabilities. View the full article
  16. This script is a proof of concept to bypass the Microsoft Windows User Access Control (UAC) via SluiFileHandlerHijackLPE. View the full article
  17. RedwoodHQ version 2.5.5 suffers from an authentication bypass vulnerability. View the full article
  18. Clever Dog Smart Camera types DOG-2W and DOG-2W-V4 suffer from file disclosure, default telnet backdoor credential, and insecure transit vulnerabilities. View the full article
  19. 1337day-Exploits

    Exploits Java Card Proof Of Concepts

    Security Explorations has discovered multiple security vulnerabilities in the reference implementation of Java Card technology from Oracle used in financial, government, transportation and telecommunication sectors among others. As for the impact, the vulnerabilities found make it possible to break memory safety of the underlying Java Card VM. As a result, full access to smartcard memory could be achieved, applet firewall could be broken or native code execution could be gained. This archive contains the proof of concept code that demonstrates these vulnerabilities which were originally made public in March of 2019. View the full article
  20. A type confusion has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash the process or leak information from the client system via calendar replies. Proof of concept included. View the full article
  21. A stack-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included. View the full article
  22. A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included. View the full article
  23. A heap-based buffer overflow has been identified in the Thunderbird email client. The issue is present in the libical implementation, which was forked from upstream libical version 0.47. The issue can be triggered remotely, when an attacker sends an specially crafted calendar attachment and does not require user interaction. It might be used by a remote attacker to crash or gain remote code execution in the client system. Proof of concept included. View the full article
  24. CentOS version 7.6 ptrace_scope misconfiguration local privilege escalation exploit. View the full article
  25. Aida64 version 6.00.5100 Log to CSV File local SEH buffer overflow exploit. View the full article