Privilege Escalation

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Arbitrary Code Execution

Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with...

Nili - Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing

Nili is a Tool for Network Scan, Man in the Middle, Protocol Reverse Engineering and Fuzzing. Prerequisites Python - Python Programming Language Scapy - Interactive Packet Manipulation Program Netzob - Protocol Reverse Engineering, Modeling and Fuzzing Installing Here is some Instructions for...

Pluck CMS 4.7.4 Cross Site Request Forgery

============================================== Exploit Title : pluck-cms vulnerability CSRF Reported Date : 8 - 10 - 2017 Exploit Author : Ashiyane Digital Security Team CWE: CSRF - 352 Tested On : kali Linux Vendor Homepage : https://www.pluck-cms.org/ Software Link :...

Atbox.io Open Redirect

================================================================================ Open Redirect on Atbox.io ================================================================================ Site: https://atbox.io/?l=en Date: 27/Nov/2016 Author: Ehsan Hosseini Contact: [email protected]...

SweetRice 1.5.1 - Arbitrary File Upload

/usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Unrestricted File Upload Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip Version: 1.5.1 Platform: WebApp -...

SweetRice 1.5.1 - Arbitrary File Download

SweetRice 1.5.1 - Arbitrary File Download /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Local File Inclusion Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...

SweetRice 1.5.1 - Arbitrary File Download Exploit

Exploit for php platform in category web applications /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Local File Inclusion Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...

SweetRice 1.5.1 Local File Inclusion

||/usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Local File Inclusion Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link: http://www.basic-cms.org/attachment/sweetrice-1.5.1.zip Version: 1.5.1 Platform: WebApp - PH...

Adobe Reader 9.3.0 DLL Hijacking

===================================================== Adobe Reader 9.3.0 - DLL Hijacking ===================================================== Vendor Homepage: https://www.adobe.com/ Date: 24 Oct 2016 Version : 9.3.0 Author: Ashiyane Digital Security Team Contact: [email protected]...

Event Calendar PHP 1.5 SQL Injection

===================================================== Event Calendar PHP 1.5 - SQL Injection ===================================================== Vendor Homepage: http://eventcalendarphp.com/ Date: 21 Oct 2016 Demo Link : http://eventcalendarphp.com/eventcalendar/admin.php Version : 1.5 Platform...

Microsoft Visual Studio 2010 DLL Hijacking

===================================================== Microsoft Visual Studio 2010 - DLL Hijacking ===================================================== Vendor Homepage: https://www.visualstudio.com/ Date: 21 Oct 2016 Version : 10.0.30319.1 RTMRel Author: Ashiyane Digital Security Team Contact:...

Sublime Text Editor 3 DLL Hijacking

===================================================== Sublime Text Editor 3 - DLL Hijacking ===================================================== Vendor Homepage: https://www.sublimetext.com/ Date: 20 Oct 2016 Software Link : https://download.sublimetext.com/Sublime Text Build 3126 Setup.exe...

NO-IP DUC 4.1.1 DLL Hijacking

===================================================== NO-IP DUC v4.1.1 - DLL Hijacking ===================================================== Vendor Homepage: http://noip.com Date: 20 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1 Author: Ashiyane Digital...

Event Calendar PHP 1.5 - SQL Injection

Event Calendar PHP 1.5 - SQL Injection ===================================================== Event Calendar PHP 1.5 - SQL Injection ===================================================== Vendor Homepage: http://eventcalendarphp.com/ Date: 21 Oct 2016 Version : 1.5 Platform : WebApp - PHP Author:...

Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)

Simple Forum PHP 2.4 - Cross-Site Request Forgery Edit Options document.forms0.submit;...

NO-IP DUC 4.1.1 Privilege Escalation

===================================================== NO-IP DUC v4.1.1 - Unquoted Service Path Privilege Escalation ===================================================== Vendor Homepage: http://noip.com Date: 14 Oct 2016 Software Link : http://www.noip.com/client/DUCSetupv411.exe Version : 4.1.1...

Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)

document.forms0.submit;...

Simple Forum PHP 2.4 - SQL Injection

===================================================== Simple Forum PHP 2.4 - SQL Injection ===================================================== Vendor Homepage: http://simpleforumphp.com Date: 14 Oct 2016 Demo Link : http://simpleforumphp.com/forum/admin.php Version : 2.4 Platform : WebApp - PHP...

Simple Forum PHP 2.4 Cross Site Request Forgery

document.forms0.submit;...