DeviceViewer 3.12.0.1 - 'creating user' Denial of Service

!/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on: Windows 7 Steps to reproduce: ...

FusionPBX 4.4.3 - Remote Command Execution

FusionPBX 4.4.3 - Remote Command Execution Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 C...

FusionPBX 4.4.3 Remote Command Execution

Exploit Title: FusionPBX = 4.4.3 Command Injection RCE via XSS Date: 06-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://www.fusionpbx.com Software Link: https://https://github.com/fusionpbx/fusionpbx Version: = 4.4.3 Tested on: Debian 8.11 CVE : CVE-2019-11408 XSS AND CVE-2019-11409...

PHPads 2.0 - 'click.php3?bannerID' SQL Injection

Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...

BORGChat 1.0.0 build 438 - Denial of Service Exploit

Exploit for windows platform in category dos / poc Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service PoC Exploit Author: Ihsan Sencan Vendor Homepage: http://borgchat.10n.ro Software Link: http://borgchat.10n.ro/download.php Version: 1.0.0 build 438 Category: Dos Tested on:...

Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal

Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link: http://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip Version: v1.0.3 Tested on: Windows CVE:...

Read: Apache Struts Patches ‘Critical Vulnerability’ CVE-2018-11776

On August 22, Apache Struts released a security patch fixing a critical remote code execution vulnerability. This vulnerability has been assigned CVE-2018-11776 S2-057 and affects Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16. The vulnerability was responsibly disclosed by Man Yue Mo fro...

Cisco node-jos < 0.11.0 - Re-sign Tokens Exploit

Exploit for multiple platform in category web applications import base64 import urllib import rsa import sys zi0Black ''' POC of CVE-2018-0114 Cisco node-jose 0.11.0 Created by Andrea Cappa aka @zi0Black GitHub,Twitter,Telegram Mail: email protected Site: https://zioblack.xyz A special thanks to...

Using the CTS for vulnerability detection and principles of analysis-vulnerability warning-the black bar safety net

360 Vulpecker team Membership 360 Information Security Department, committed to the Android application and the system-layer vulnerability discovery as well as other Android security research. We passed on the CTS frame of the research, the preparation of a vulnerability detection aspect of the...

Subsonic 6.1.1 - Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities

Exploit for windows platform in category web applications + Credits: John Page a.k.a hyp3rlinx Vendor: ================ www.subsonic.org Product: =============== subsonic v6.1.1 Subsonic is a media streaming server. You install it on your own computer where you keep your music or video collection...

EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)

EasyCom For PHP 4.0.0 - Buffer Overflow PoC + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product:...

How to use Rowhammer vulnerability Root Android phone with Video demo+Exploit source code-the vulnerabilities and early warning-the black bar safety net

! Recently, security research experts through research found a root the Android phone to the new method, i.e., by Rowhammer vulnerability to root Android phone. In addition, the attacker can even use this exploit with presently known Android vulnerabilities Bandroid and Stagefright to the target...

Joomla com_ebcontent SQL Injection Vulnerability

Exploit for php platform in category web applications Joomla comebcontent SQL Injection Vulnerability Test on: kali linux Hompage: dont have Version: all version Dork: inurl:option=comebcontent Vuln: http://site.com/index.php?option=comebcontent&view=article&tmpl=component&id=sql...

TOTOLINK Routers - Backdoor Remote Code Execution

TOTOLINK Routers - Backdoor Remote Code Execution Exploit Title: TOTOLINK backdoor and RCE exploit POC Google Dork: N/A Date: Thu Aug 13 07:33:29 MDT 2015 Exploit Author: MadMouse Vendor Homepage: http://www.totolink.net/ Software Link:...

w3tw0rk Pitbull Perl IRC Bot - Remote Code Execution

w3tw0rk Pitbull Perl IRC Bot - Remote Code Execution thehunter.py Exploit Title: Pitbull / w3tw0rk Perl IRC Bot Remote Code Execution Author: Jay Turla @shipcod3 Description: pitbull-w3tw0rkhunter is POC exploit for Pitbull or w3tw0rk IRC Bot that takes over the owner of a bot which then allows...

TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution

Exploit for hardware platform in category web applications Vulnerability description: The domain name parameters of the "Parental Control" and "Access Control" features of the TP-Link TL-WR740N v4 FW-Ver. 3.16.6 Build 130529 Rel.47286n router are prone to arbitrary shell command execution as root...

MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure

No description provided by source. MDaemon Mailer Daemon Version 11.0.1 LATEST Remote File Disclosure Bug Found & Exploited by Kingcope May 2010 The latest version at the time of this advisory is vulnerble to the attack. It seems all files which the SYSTEM account can read can be accessed remotel...

net2ftp <= 0.97 Cross-Site Scripting/Request Forgery Vulnerabilities

No description provided by source. =cicatriz [email protected]==advisories= / / / / // / / // / o / / .-/ =net2ftp = 0.97 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: net2ftp = 0.97 Cross-Site Scripting/Request Forgery Advisory ID:...

Collabtive SQL Injection Vulnerability

No description provided by source. ANATOLIA SECURITY ADVISORY --------------------------- ADVISORY INFO + Title: Collabtive SQL Injection Vulnerability + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-004.txt + Advisory ID: 2010-004 + Version: 0.65 + Date: 12/10/2010 + Impact:...

Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow

Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow Application:Notepad++ Version:6.5.2 UNICODE Get the application from: http://notepad-plus-plus.org/download/v6.5.2.html Plugin:CCompletion Version: Version 1.19 Unicode Get the plugin from:...