3100 matches found

wpexploit
added 2019/11/19 12:0 a.m. | 46 views

WP Maintenance <= 5.0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

No nonce protection on form submissions leading to CSRF and no input/output sanitization allowing for XSS when CSRF is exploited. input type="hidden" name="wpmaintenancesocialop...

CVSS 6.8 | AI score 0.1 | EPSS 0.00196
Exploits 2 | References 2

Packet Storm
added 2019/11/18 12:0 a.m. | 122 views

Centova Cast 3.2.11 Arbitrary File Download

Exploit Title: Centova Cast 3.2.11 - Arbitrary File Download Date: 2019-11-17 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.11 Tested on: Debian 9, CentOS 7 !/bin/bash if "$4" = "" then echo "Usage: $0 centovacasturl user password ftpaddress" exit fi url=$1...

AI score 7.4
Exploits 0

Cvelist
added 2019/11/14 4:24 p.m. | 15 views

CVE-2019-15346

The Tecno Camon iClick 2 Android device with a build fingerprint of TECNO/H622/TECNO-ID6:8.1.0/O11019/F-180824V116:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service...

AI score 7.6 | EPSS 0.00136
Exploits 0 | References 1

0day.today
added 2019/11/14 12:0 a.m. | 3474 views

CMS Made Simple 2.2.8 Remote Code Execution Exploit

An issue was discovered in CMS Made Simple version 2.2.8. In the module DesignManager in the files action.admin_bulk_css.php and action.admin_bulk_template.php, with an unprivileged user with Designer permission, it is possible to reach an unserialize call with a crafted value in the m1_allparms...

CVSS 6.5 | AI score 0.8 | EPSS 0.31988
Exploits 3

0day.today
added 2019/11/13 12:0 a.m. | 1200 views

gSOAP 2.8 - Directory Traversal Vulnerability

Exploit for php platform in category web applications Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET...

AI score 0.1
Exploits 0

0day.today
added 2019/11/12 12:0 a.m. | 109 views

Optergy 2.3.0a - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...

CVSS 10 | EPSS 0.62918
Exploits 5

0day.today
added 2019/11/12 12:0 a.m. | 93 views

FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...

AI score 9.1 | EPSS 0.19417
Exploits 7

Exploit DB
added 2019/11/12 12:0 a.m. | 112 views

Optergy 2.3.0a - Cross-Site Request Forgery (Add Admin)

Title: Optergy 2.3.0a - Cross-Site Request Forgery Add Admin Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: history.pushState'', '', '/'...

CVSS 8.8 | AI score 9 | EPSS 0.00673
Exploits 4

Exploit DB
added 2019/11/08 12:0 a.m. | 281 views

Adive Framework 2.0.7 - Privilege Escalation

Exploit Title: Adive Framework 2.0.7 - Privilege Escalation Date: 2019-08-02 Exploit Author: Pablo Santiago Vendor Homepage: https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.7 Tested on: Windows 10 CVE : CVE-2019-14347 Exploit import requests import...

CVSS 8.8 | AI score 9 | EPSS 0.05711
Exploits 5

exploitpack
added 2019/11/07 12:0 a.m. | 60 views

Adaware Web Companion version 4.8.2078.3950 - WCAssistantService Unquoted Service Path

Adaware Web Companion version 4.8.2078.3950 - WCAssistantService Unquoted Service Path Exploit Title: Adaware Web Companion version 4.8.2078.3950 - 'WCAssistantService' Unquoted Service Path Date: 2019-11-06 Exploit Author: Mariela L Martínez Hdez Vendor Homepage: https://webcompanion.com/en/...

AI score 0.6
Exploits 0

Metasploit
added 2019/10/31 1:38 a.m. | 82 views

Windows Escalate UAC Protection Bypass (Via dot net profiler)

Microsoft Windows allows for the automatic loading of a profiling COM object during the launch of a CLR process based on certain environment variables ostensibly to monitor execution. In this case, we abuse the profiler by pointing to a payload DLL that will be launched as the profiling thread...

AI score 6.9
Exploits 0

Packet Storm
added 2019/10/28 12:0 a.m. | 148 views

ChaosPro 2.0 Buffer Overflow

Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 import os, sys sploit = "A" 5000 Crash!...

AI score 1
Exploits 0

exploitpack
added 2019/10/17 12:0 a.m. | 25 views

WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting

WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Exploit Title: Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\soliloquy-lite" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://soliloquywp.com/ Softwa...

AI score 6.7
Exploits 0

exploitpack
added 2019/10/16 12:0 a.m. | 20 views

Lavasoft 2.3.4.7 - LavasoftTcpService Unquoted Service Path

Lavasoft 2.3.4.7 - LavasoftTcpService Unquoted Service Path Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path Author: Luis MedinaL Date: 2019-10-15 Vendor Homepage: https://www.adaware.com/ Software Link : https://www.adaware.com/antivirus Version : 2.3.4.7 Tested on: Microsoft Window...

Exploits 0

Packet Storm
added 2019/10/14 12:0 a.m. | 173 views

ASUS RT-N10+ 2.0.3.4 CSRF / XSS / Command Execution

Exploit Title: XSS And CSRF to RCE in ASUS RT-N10 Repeater Mode Date: 13/10/2019 Exploit Author: Matheus Vrech Vendor Homepage: https://www.asus.com/ Version: ASUS RT-N10+, Firmware: 2.0.3.4 Tested on: Archlinux, Windows 10 XSS: when someone change router to repeater mode you should be able to...

AI score 0.3
Exploits 0

Exploit DB
added 2019/10/14 12:0 a.m. | 2851 views

Apache Httpd mod_rewrite - Open Redirects

Normal URLs like http://redirect.local/test will be forwarded to https://redirect.local/test. But by using newlines CVE 2019-10098, we can redirect somewhere else i.e. to https://redirect.local.evilwebsite.com: curl -Ik 'https://redirect.local/%0a.evilwebsite.com' --path-as-is HTTP/2 302 date: Mon...

AI score 7
Exploits 0

Exploit DB
added 2019/09/27 12:0 a.m. | 1622 views

thesystem App 1.0 - 'username' SQL Injection

Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A...

AI score 7.4
Exploits 0

0day.today
added 2019/09/26 12:0 a.m. | 31 views

Chamilo LMS 1.11.8 Shell Upload Exploit

Exploit for php platform in category web applications PHP Test FILE UPLOAD'; $tgtdir = "uploads/"; $tgtfile = $tgtdir.basename$FILES'fileToUpload''name'; echo "TARGET FILE= ".$tgtfile; //$filename = $FILES'fileToUpload''name'; echo "FILE NAME FROM VARIABLE:- ".$FILES"fileToUpload""name...

AI score 7.1
Exploits 0

exploitpack
added 2019/09/23 12:0 a.m. | 22 views

vBulletin 5.0 5.5.4 - widget_php Unauthenticated Remote Code Execution

vBulletin 5.0 5.5.4 - widgetphp Unauthenticated Remote Code Execution !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.arg...

AI score 0.6
Exploits 0

OSV
added 2019/09/11 8:0 a.m. | 4 views

CURL-CVE-2019-5481 FTP-KRB double free

libcurl can be told to use kerberos over FTP to a server, as set with the CURLOPT_KRBLEVEL option. During such kerberos FTP data transfer, the server sends data to curl in blocks with the 32-bit size of each block first and then that amount of data immediately following. A malicious or broken serv...

CVSS 9.8 | AI score 6.5 | EPSS 0.03082
Exploits 0