143 matches found
Exploit for Use After Free in Microsoft
CVE-2019-0708...
BORGChat 1.0.0 build 438 - Denial of Service Exploit
Exploit for windows platform in category dos / poc Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://borgchat.10n.ro Software Link: http://borgchat.10n.ro/download.php Version: 1.0.0 build 438 Category: Dos Tested on:...
Library CMS 2.1.1 - Cross-Site Scripting
Library CMS 2.1.1 - Cross-Site Scripting Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v...
osTicket 1.10.1 - Arbitrary File Upload
osTicket 1.10.1 - Arbitrary File Upload Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details:...
PoC
Po...
Exploit for Improper Handling of Exceptional Conditions in Apache Struts
apache-struts2-CVE-2017-5638 Demo Application and...
Teach you how to use the exploit to ROOT an Android phone-bug warning-the black bar safety net
With the rapid development of the mobile Internet, smartphones, tablet PCs and other smart terminal devices have gradually become popular and slowly integrated into our lives. At the same time, however, smartphone security issues are increasingly prominent: mobile payment vulnerabilities, mobi...
Webutler CMS 3.2 - Cross-Site Request Forgery
Exploit for php platform in category web applications Exploit Title: Webutler CMS Cross-Site Request Forgery Date: 18 April 2016 Exploit Author: Keerati T. Post Vendor Homepage: http://webutler.de/en Software Link: http://webutler.de/download/webutlerv3.2.zip Version: 3.2 Tested on: Linux...
ClamWin 0.99 DLL Hijacking
Hi @ll, the executable installer clamwin-0.99-setup.exe available from loads and executes DWMAPI.dll or UXTheme.dll from its "application directory". For software downloaded with a web browser the application directory is typically the user's "Downloads" directory: see , and for "prior art" about...
Exploit for Code Injection in Microsoft
A checker site for MS15-034https...
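SQL injection in a government information disclosure system
Brief description: As in the title. Details: Jilin University Zhengyuan Information Technologies Co., Ltd. (吉大正元信息技术股份有限公司): http://www.jit.com.cn/ Many government websites use this system. I will test it with 5 cases. The injection link is: /zwdtSjgl/infoDetail.jsp?id= Cases: http://www.ilj.gov.cn/zwdtSjgl/infoDetail.jsp?id=461 http://218.62.81.171/zwdtSjgl/infoDetail.jsp?id=461 http://218.62.100.33:8000/zwdtSjgl/infoDetail.jsp?id=146...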
Mobile Carrier Controls Exploitable on a Massive Scale
LAS VEGAS – Device manufacturers and service providers quietly maintain a pervasive level of remote control over the devices they sell to consumers so they can push over-the-air OTA updates for a variety of reasons, but problematically one popular product that enables this type of control is poor...
Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System
The critical zero-day security flaws discovered in the privacy- and security-dedicated, Linux-based Tails operating system by the researcher at Exodus Intelligence, which could help attackers or law enforcement de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...
Smart Vsion Script News (newsdetail) SQL Injection Vulnerability
No description provided by source. Exploit Title: Smart Vsion Script News newsdetail SQL Injection Vulnerability Software Link: http://www.esmart-vision.com/ Smart Vision Script News newsdetail SQL Injection Vulnerability...
wu-ftpd 2.6.0 - Remote Format Strings Exploit
No description provided by source. / 12:40 11/10/00: Tool for either attack or defense within an information warfare setting. Rather, it is a small program demonstrating proof of concept. Default values for solaris 2.8 and inetd. If you are not the intended recipient, or a person responsible for...
lftp <= 2.6.9 - Remote Stack based Overflow Exploit
No description provided by source. / lftp remote stack-based overflow exploit by Li0n7 voila fr Vulnerability discovered by Ulf Harnhammar Ulf.Harnhammar.9485 student uu se Lftp versions later than 2.6.10 are prone to a remotely exploitable stack-based overflow in trynetscapeproxy and trysquideplf...
SHOUTcast DNAS 2.2.1 - Persistent Cross-Site Scripting
SHOUTcast DNAS 2.2.1 - Persistent Cross-Site Scripting Exploit Title: SHOUTcast DNAS v2.2.1 win32 XSS\HTML Injection in Song history other version may be also affected Date: 2014-06-11 Exploit Author: robercik101 Vendor Homepage: http://www.shoutcast.com/ ?t=373139 Software...
iDevAffiliate 5.x SQL Injection
Exploit Title: iDevAffiliate = v5.x SQL Injection Vulnerability Google Dork: Use your head Date: 4/21/2014 Vendor Homepage: http://www.idevdirect.com/ Version: = v5.x Author: Robert Cooper robert.cooperatareyousecure.net Tested on: Linux/Windows Vulnerable Parameter: ad= PoC:...
Avaya to Patch one-X IP phone zero-day vulnerability
SAN FRANCISCO — Two zero-day vulnerabilities in Avaya’s latest one-X 9608 IP telephones have been discovered and are expected to be patched on Friday by the provider. Researcher Ang Cui, a Ph.D. candidate at Columbia University and chief scientist at Red Balloon Security, will demonstrate an...
ManageEngine Desktop Central 8.0.0 build 80293 - Arbitrary File Upload
ManageEngine Desktop Central 8.0.0 build 80293 - Arbitrary File Upload DesktopCentral Arbitrary File Upload Vulnerability Affected versions: DesktopCentral...