http://www.vfocus.net/art/index.html 安全文章 zh-cn CopyRight&#160;&#169;&#160;2002-2025 <a href="/" target=_blank title=":::VITTERSAFE危特网安:::">VFocuS.Net</a> All Rights Reserved webmaster@mail.securitycn.net http://www.vfocus.net/art/20220318/15112.html # Exploit Title: Apache APISIX 2.12.1 - Remote Code Execution (RCE)# Date: 2022-03-16# Exploit Author: Ven3xy# Vendor Homepage: https://apisix.apache.org/# Version: Apache APISIX 1.3 2.12.1# Tested on: CentOS 7# CVE : CVE-2022-24112import requestsim 2022-03-18 Exploits Ven3xy https://github.com/M4xSec http://www.vfocus.net/art/20220314/15111.html // Exploit Title: Linux Kernel 5.8 5.16.11 - Local Privilege Escalation (DirtyPipe)// Exploit Author: blasty (peter@haxx.in)// Original Author: Max Kellermann (max.kellermann@ionos.com)// CVE: CVE-2022-0847/* SPDX-License-Identifier: GPL-2.0 *//* * 2022-03-14 Exploits Kellermann max.kellermann@ionos.com http://www.vfocus.net/art/20210406/15110.html # Exploit Title: Google Chrome 81.0.4044 V8 - Remote Code Execution# Date: 05/04/2021# Exploit Author: Tobias Marcotto# Tested on: Kali Linux x64 # Version: 83.0.4103.106# Description: Out of bounds write in V8 in Google Chrome prior to 83.0.4103.10 2021-04-06 Exploits Marcotto vfocus.net http://www.vfocus.net/art/20210406/15109.html # Exploit Title: Google Chrome 86.0.4240 V8 - Remote Code Execution# Date: 05/04/2021# Exploit Author: Tobias Marcotto# Tested on: Kali Linux x64 # Version: 87.0.4280.88# Description: Insufficient data validation in V8 in Google Chrome prior to 87.0 2021-04-06 Exploits Marcotto vfocus.net http://www.vfocus.net/art/20210406/15108.html # Exploit Title: vsftpd 3.0.3 - Remote Denial of Service# Date: 22-03-2021# Exploit Author: xynmaps# Vendor Homepage: https://security.appspot.com/vsftpd.html# Software Link: https://security.appspot.com/downloads/vsftpd-3.0.3.tar.gz# Version: 3.0.3 2021-04-06 Exploits xynmaps vfocus.net http://www.vfocus.net/art/20210406/15107.html import requestsfrom urllib3.exceptions import InsecureRequestWarningimport randomimport stringimport sysdef id_generator(size=6, chars=string.ascii_lowercase + string.digits): return ''.join(random.choice(chars) for _ in range(size))if len(sys.argv) 2021-04-06 Exploits F5 btwaf.cn http://www.vfocus.net/art/20210312/15106.html # Exploit Title: Monitoring System (Dashboard) 1.0 - File Upload RCE (Authenticated)# Exploit Author: Richard Jones# Date: 2021-03-11# Vendor Homepage: https://www.sourcecodester.com/php/11741/monitoring-system-dashboard.html# Software Link: https:/ 2021-03-12 Exploits Jones exploit-db.com http://www.vfocus.net/art/20210312/15105.html # Exploit Title: Nsasoft Hardware Software Inventory 1.6.4.0 - 'multiple' Denial of Service (PoC)# Exploit Author : Enes zeser# Exploit Date: 2021-02-28# Vendor Homepage : https://www.nsauditor.com/# Link Software : https://www.nsauditor.com/downloa 2021-03-12 Exploits Enes exploit-db.com http://www.vfocus.net/art/20210312/15104.html # Title: Atlassian JIRA 8.11.1 - User Enumeration# Author: Dolev Farhi# Vulnerable versions: version 7.13.16, 8.0.0 version 8.5.7, 8.6.0 version 8.12.0# CVE: CVE-2020-14181# Credit to original CVE author: Mikhail Klyuchnikov of Positive Technologies 2021-03-12 Exploits Farhi exploit-db.com http://www.vfocus.net/art/20210312/15103.html # Golden FTP Server 4.70 - 'PASS' Buffer Overflow (2)# Author: 1F98D# Original Authors: Craig Freyman (cd1zz) and Gerardo Iglesias Galvan (iglesiasgg)# Tested on Windows 10 (x64)## A buffer overflow exists in GoldenFTP during the authentication proc 2021-03-12 Exploits 1F98D exploit-db.com http://www.vfocus.net/art/20210312/15102.html # Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection (2)# Googke Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/# Date: 05/03/2021# Exploit Author: Nicholas Ferreira# Vendor Homepage: http://docs.arkextensions.com/downloads/jc 2021-03-12 Exploits Ferreira exploit-db.com http://www.vfocus.net/art/20210312/15101.html # Exploit Title: Hotel and Lodge Management System 1.0 - Remote Code Execution (Unauthenticated)# Date: 07-03-2021# Exploit Author: Christian Vierschilling# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.c 2021-03-12 Exploits Christian exploit-db.com http://www.vfocus.net/art/20210303/15100.html # Exploit Title: AnyDesk 5.5.2 - Remote Code Execution# Date: 09/06/20# Exploit Author: scryh# Vendor Homepage: https://anydesk.com/en# Version: 5.5.2# Tested on: Linux# Walkthrough: https://devel0pment.de/?p=1881#!/usr/bin/env pythonimport structim 2021-03-03 Exploits scryh https://devel0pment.de http://www.vfocus.net/art/20210303/15099.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework######## This exploit write payload in database and trig to command# a bug in an zencart v1.5.7b web application####c 2021-03-03 Exploits Saratar trregen222@gmail.com http://www.vfocus.net/art/20210303/15098.html # Exploit Title: Tiny Tiny RSS - Remote Code Execution# Date: 21/09/2020# Exploit Author: Daniel Neagaru Benjamin Nadarevi# Blog post: https://www.digeex.de/blog/tinytinyrss/# Software Link: https://git.tt-rss.org/fox/tt-rss# Version: all before 202 2021-03-03 Exploits Neagaru https://www.digeex.de/blog http://www.vfocus.net/art/20210303/15097.html # Exploit Title: Covid-19 Contact Tracing System 1.0 - Remote Code Execution (Unauthenticated)# Date: 28-02-2021# Exploit Author: Christian Vierschilling# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.com 2021-03-03 Exploits Christian exploit-db.com http://www.vfocus.net/art/20210303/15096.html # Exploit Title: Online Catering Reservation System 1.0 - Unauthenticated Remote Code Execution# Date: 28-02-2021# Exploit Author: Christian Vierschilling# Vendor Homepage: https://www.sourcecodester.com# Software Link: https://www.sourcecodester.co 2021-03-03 Exploits Christian exploit-db.com http://www.vfocus.net/art/20210303/15095.html pre# Exploit Title: VMware vCenter Server 7.0 - Unauthenticated File Upload # Date: 2021-02-27 # Exploit Author: Photubias # Vendor Advisory: [1] https://www.vmware.com/security/advisories/VMSA-2021-0002.html # Version: vCenter Server 6.5 (7515524lt 2021-03-03 Exploits Photubias www.ic4.be http://www.vfocus.net/art/20210303/15094.html # Exploit Title: WiFi Mouse 1.7.8.5 - Remote Code Execution# Date: 25-02-2021# Author: H4rk3nz0# Vendor Homepage: http://necta.us/# Software Link: http://wifimouse.necta.us/#download# Version: 1.7.8.5# Tested on: Windows Enterprise Build 17763# Desk 2021-03-03 Exploits H4rk3nz0 exploit-db.com http://www.vfocus.net/art/20210303/15093.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::EXE prepend Msf::Exploit::Re 2021-03-03 Exploits BerkanEr b3rsec@protonmail.com http://www.vfocus.net/art/20210226/15092.html import tarfile import os from io import BytesIO import requests proxies = { http: http://127.0.0.1:8080 , https: http://127.0.0.1:8080 , } def return_zip(): with tarfile.open(test.tar, 'w') as tar: payload = BytesIO() id_rsa_pub = 'ssh-rsa AAAAB3Nza 2021-02-26 Exploits calmness https://blog.csdn.net/weixin_43650289 http://www.vfocus.net/art/20210226/15091.html #!/usr/bin/env python3# -*- coding: utf-8 -*-# standard modulesfrom metasploit import module# extra modulesDEPENDENCIES_MISSING = Falsetry: import base64 import itertools import os import requestsexcept ImportError: DEPENDENCIES_MISSING = True# Meta 2021-02-26 Exploits Matthew https://raxis.com/blog http://www.vfocus.net/art/20210226/15090.html # Exploit: ASUS Remote Link 1.1.2.13 - Remote Code Execution# Date: 24-02-2021# Exploit Author: H4rk3nz0# Vendor Homepage: http://asus.com/# Software Link: http://remotelink.asus.com/# Version: 1.1.2.13# Tested on: Windows 10 Enterprise Build 17763# 2021-02-26 Exploits H4rk3nz0 www.exploit-db.com http://www.vfocus.net/art/20210226/15089.html #-*- coding:utf-8 -*-banner = 888888ba dP 88 `8b 88 a88aaaa8P' .d8888b. d8888P .d8888b. dP dP 88 `8b. 88' `88 88 Y8ooooo. 88 88 88 .88 88. .88 88 88 88. .88 88888888P `88888P8 dP `88888P' `88888P' oooooooooooooooooooooooooooooooooooooooooooooooooooo 2021-02-26 Exploits NebulabdSec github.com http://www.vfocus.net/art/20210224/15088.html # Exploit Title: Unified Remote 3.9.0.2463 - Remote Code Execution# Author: H4rk3nz0# Vendor Homepage: https://www.unifiedremote.com/# Software Link: https://www.unifiedremote.com/download# Tested on: Windows 10, 10.0.19042 Build 19042#!/usr/bin/pyt 2021-02-24 Exploits H4rk3nz0 exploit-db.com http://www.vfocus.net/art/20210224/15087.html # Exploit Title: HFS (HTTP File Server) 2.3.x - Remote Command Execution (3)# Google Dork: intext:httpfileserver 2.3# Date: 20/02/2021# Exploit Author: Pergyz# Vendor Homepage: http://www.rejetto.com/hfs/# Software Link: https://sourceforge.net/proj 2021-02-24 Exploits Pergyz https://www.rejetto.com http://www.vfocus.net/art/20210224/15086.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient prepen 2021-02-24 Exploits bcoles metasploit.com http://www.vfocus.net/art/20210220/15085.html # Exploit Title: dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow (PoC)# Exploit Author: Kaan apar# Date: 2020-02-17# Vendor Homepage: https://www.ddc-web.com/# Software Link: https://www.ddc-web.com/en/connectivity/databus/milstd1553-1/softwar 2021-02-20 Exploits Ka&#287;an&Ccedil;apar https://www.exploit-db.com/ http://www.vfocus.net/art/20210218/15084.html # Exploit Title: Microsoft Internet Explorer 11 32-bit - Use-After-Free# Date: 2021-02-05# Exploit Author: deadlock (Forrest Orr)# Vendor Homepage: https://www.microsoft.com/# Software Link: https://www.microsoft.com/en-gb/download/internet-explorer 2021-02-18 Exploits deadlock https://labs.f-secure.com/blog http://www.vfocus.net/art/20210218/15083.html Erlang Cookie - Remote Code Execution 2021-02-18 Exploits 1F98D https://insinuator.net http://www.vfocus.net/art/20200918/15082.html # Exploit Title: Microsoft SQL Server Reporting Services 2016 - Remote Code Execution# Google Dork: inurl:ReportViewer.aspx# Date: 2020-09-17# Exploit Author: West Shepherd# Vendor Homepage: https://www.microsoft.com# Version: Microsoft SQL Server 2 2020-09-18 Exploits SHEPHERD https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce- http://www.vfocus.net/art/20200805/15081.html # Exploit Title: CompleteFTP Professional 12.1.3 - Remote Code Execution# Date: 2020-03-11# Exploit Author: 1F98D# Original Author: Rhino Security Labs# Vendor Homepage: https://enterprisedt.com/products/completeftp/# Version: CompleteFTP Profession 2020-08-05 Exploits 1F98D https://rhinosecuritylabs.com http://www.vfocus.net/art/20200706/15080.html #!/usr/bin/python# Exploit Title: vCloud Director - Remote Code Execution# Exploit Author: Tomas Melicher# Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/# Date: 2020-05-24# Vendor 2020-07-06 Exploits AARONSVK https://citadelo.com/en/blog/full-infrastructure-t http://www.vfocus.net/art/20200610/15079.html #!/usr/bin/env python'''# EDB Note ~ Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/48537.zip# SMBGhost_RCE_PoCRCE PoC for CVE-2020-0796 SMBGhostFor demonstration purposes only! Only use this a reference 2020-06-10 Exploits chompie1337 https://ricercasecurity.blogspot.com http://www.vfocus.net/art/20200610/15078.html #!/usr/bin/python# Exploit Title: vCloud Director - Remote Code Execution# Exploit Author: Tomas Melicher# Technical Details: https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/# Date: 2020-05-24# Vendor 2020-06-10 Exploits aaronsvk https://citadelo.com/en/blog/full-infrastructure-t http://www.vfocus.net/art/20200225/15077.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = NormalRanking include Msf::Exploit::Remote::Tcp include Msf::Exp 2020-02-25 Exploits Metasploit metasploit.com http://www.vfocus.net/art/20200122/15076.html # Exploit Title: NEOWISE CARBONFTP 1.4 - Weak Password Encryption# discovery Date: 2019-01-24# published : 2020-01-20# Exploit Author: hyp3rlinx# Vendor Homepage: https://www.neowise.com# Software Link: https://www.neowise.com/freeware/# Version: 1. 2020-01-22 Exploits hyp3rlinx hyp3rlinx.altervista.org http://www.vfocus.net/art/20200122/15075.html ##################################################################### This module requires Metasploit: https://metasploit.com/download ## Current source: https://github.com/rapid7/metasploit-framework ################################################ 2020-01-22 Exploits TheCyberGeek metasploit.com http://www.vfocus.net/art/20200120/15074.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Local Rank = ExcellentRanking include Exploit::EXE include Post::File include 2020-01-20 Exploits Metasploit metasploit.com http://www.vfocus.net/art/20190103/15073.html # Exploit Title: Vtiger CRM 7.1.0 - Remote Code Execution# Date: 2018-12-27# Exploit Author: Azkan Mustafa AkkuA (AkkuS)# Contact: https://pentest.com.tr# Vendor Homepage: https://www.vtiger.com# Software Link: https://sourceforge.net/projects/vtige 2019-01-03 Exploits Akkus https://pentest.com.tr http://www.vfocus.net/art/20190103/15072.html # Exploit Title: Ayukov NFTP FTP Client 2.0 - Buffer Overflow# Date: 2018-12-29# Exploit Author: Uday Mittal# Vendor Homepage: http://www.ayukov.com/nftp/# Software Link: ftp://ftp.ayukov.com/pub/src/nftp-1.72.zip # Version : below 2.0# Tested on: M 2019-01-03 Exploits Mittal vfocus.net http://www.vfocus.net/art/20190103/15071.html # Exploit Title: EZ CD Audio Converter 8.0.7 - Denial of Service (PoC)# Date: 2018-12-30# Exploit Author: Achilles# Vendor Homepage: https://www.poikosoft.com/# Software Link : https://download.poikosoft.com/ez_cd_audio_converter_setup_x64.exe# Expl 2019-01-03 Exploits Achilles vfocus.net http://www.vfocus.net/art/20190103/15070.html # Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)# Discovery by: Luis Martinez# Discovery Date: 2018-12-27# Vendor Homepage: www.nsauditor.com# Software Link : http://www.nsauditor.com/downloads/networksleuth_setup.exe# Tested V 2019-01-03 Exploits Martinez luismtzsilva at gmail.com http://www.vfocus.net/art/20190103/15069.html # Exploit Title: NBMonitor Network Bandwidth Monitor 1.6.5.0 - 'Name' Denial of Service (PoC)# Author: Luis Martinez# Date: 2018-12-27# Vendor Homepage: www.nsauditor.com# Software Link : http://www.nbmonitor.com/downloads/nbmonitor_setup.exe# Teste 2019-01-03 Exploits Martinez luismtzsilva at gmail.com http://www.vfocus.net/art/20181229/15068.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient includ 2018-12-29 Exploits Kaiser metasploit.com http://www.vfocus.net/art/20181229/15067.html ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::HttpClient includ 2018-12-29 Exploits Kaiser metasploit.com http://www.vfocus.net/art/20181229/15066.html WebKit: JSC: A bug in AbstractValue::set CVE-2018-4443void AbstractValue::set(Graph graph, RegisteredStructure structure){ RELEASE_ASSERT(structure); m_structure = structure; m_arrayModes = asArrayModes(structure-indexingType()); m_type = speculatio 2018-12-29 Exploits lokihardt Google Security Research http://www.vfocus.net/art/20181229/15065.html WebKit: JSC: A bug in JSArray::shiftCountWithArrayStorage CVE-2018-4441bool JSArray::shiftCountWithArrayStorage(VM vm, unsigned startIndex, unsigned count, ArrayStorage* storage){ unsigned oldLength = storage-length(); RELEASE_ASSERT(count = oldLeng 2018-12-29 Exploits lokihardt Google Security Research http://www.vfocus.net/art/20181228/15064.html （原标题：史上最秀黑客：抢银行，让ATM狂吐10亿欧，全部换成比特币） 他们的故事全球几乎无人知晓，但他们的名字却是世界所有银行共同铭记的噩梦。 Carbanak，这个名称无法直译成中文的黑客组织，在5年时间内，横扫全球银行，攫取至少10亿欧元。他们创造的木马病毒， 2018-12-28 黑客传奇 31QU 31QU http://www.vfocus.net/art/20181228/15063.html # Exploit Title: Terminal Services Manager 3.1 - Buffer Overflow (SEH)# Date: 2018-12-25# Exploit Author: bzyo# Twitter: @bzyo_# Vulnerable Software: Terminal Services Manager 3.1# Vendor Homepage: https://lizardsystems.com# Version: 3.1 # Software 2018-12-28 Exploits bzyo @bzyo_