3100 matches found
CVE-2017-10723
CVE-2017-10723 affects the Shekar Endoscope firmware where the UDP daemon’s handling of a Wi‑Fi name change request uses a flawed memcpy invocation with the payload length derived from strlen. This leads to a buffer overflow in the function setwifiname, enabling memory corruption and potential r...
CVE-2019-5296
Huawei Mate20 smartphones running versions earlier than HMA-AL00C00B175 are affected by an out-of-bounds read due to insufficient input verification. The issue allows an attacker with high privileges to execute specific commands, potentially causing memory reads and a system abnormal state. The v...
Zoho ManageEngine ServiceDesk Plus 9.3 - 'PurchaseRequest.do' Cross-Site Scripting
Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via PurchaseRequest.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho ManageEngine ServiceDesk Plus 9.3 CVE :...
NUUO NVRMini 2 3.9.1 Stack Overflow
!/usr/bin/python Exploit Title: NUUO NVRMini2 3.9.1 'sscanf' stack overflow Google Dork: n/a Date: Advisory Published: Nov 18 Exploit Author: @0x00string Vendor Homepage: nuuo.com Software Link: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 and prior Tested on: 3.9.1 CVE :...
Phraseanet 4.0.7 - Cross-Site Scripting
Phraseanet 4.0.7 - Cross-Site Scripting Exploit title: Stored XSS vulnerability in Phraseanet DAM Open Source software Date: 10/10/2018 Exploit Author: Krzysztof Szulski Vendor Homepage: https://www.phraseanet.com Software Link also VM: https://www.phraseanet.com/en/download/ Version affected:...
PHP-Fusion 9.03.00 Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...
PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution (Metasploit)
PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusi...
Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Convert Video jetAudio 8.1.7 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107BASIC.exe Version: 8.1.7...
Blue Angel Software Suite - Command Execution Exploit
Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite, an application that runs on...
BoF-Challenge3
A bit more difficult, On this simple stack-based buffer overflow you need to again identify the vulnerable function and the buffer to overflow, then inject your payload and get a local shell. include include include include void getpath char buffer64; unsigned int ret; printf"input path please: "...
Sierra Wireless AirLink ES450 ACEManager upload.cgi Remote Code Execution Exploit
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticat...
MODX setup/ Directory Site Exploit
There is currently an active exploit of sites with an intact MODX Revolution setup/ directory. This can give anyone on the internet complete access to your site and possibly your server with trivial effort. This directory should never be left in place once a site is installed. You can check if yo...
CVE-2015-1326
python-dbusmock before version 0.15.1 AddTemplate D-Bus method call or DBusTestCase.spawnservertemplate method could be tricked into executing malicious code if an attacker supplies a .pyc file...
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
74CMS 5.0.1 - Cross-Site Request Forgery Add New Admin User Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE :...
Download Manager <= 2.9.93 - Authenticated Cross-Site Scripting (XSS)
In the pro features of the WordPress download manager plugin, there is a Category Short-code feature which can be used to sort categories with order by a function which will be used as ?orderby=title,publishdate. By adding parameter " and add any XSS payload, the xss payload will execute. To...
Jobgator SQL Injection
Exploit Title: NCrypted Jobgator - SQL Injection Date: 05.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.ncrypted.net/jobgator/ Demo Site: https://demo.ncryptedprojects.com/jobgator/ Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC 1: SQLi ----- Request:...
WP Google Maps 7.11.00-7.11.17 - Unauthenticated SQL Injection
The includes/class.rest-api.php in the REST API does not sanitize field names before a SELECT statement, leading to an unauthenticated SQL injection issue. curl -k --silent "http://example.com/index.php?restroute=3D/wpgmza/v1/markers/&filter=3D%7B%7D&=fields=3D+from+wpusers+--+-"...
Classified Ad Lister 2.0 Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications =========================================================================================== Exploit Title: Classified Ad Lister v2.0 - 'uploads' Arbitrary File Upload Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection
Exploit Title: Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arackategoriid' SQL Injection Date: 28.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-4-php-hazir-rent-a-car-sitesi-scripti-v2.html Demo Site: http://rentv2.proemlaksitesi.net/ Version: V2 Tested on...
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection Exploit Title: Jettweb Hazır Rent A Car Scripti V4 - SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-46-php-hazir-rent-a-car-scripti-v4.html Demo Site: http://rentv4.proemlaksitesi.net/...