CloudMe Sync 1.10.9 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link:...

Wedding Slideshow Studio 1.36 Buffer Overflow

Exploit Title: Socumsoft Wedding Slideshow Studio 1.36 Date: 02.08.2018 Exploit Author: Achilles Vendor Homepage: http://www.socusoft.com Vulnerable Software: http://www.socusoft.com/down/wedding-slideshow-studio.exe Tested on OS: Windows 7 64-bit DE Steps to reproduce: Copy the contents of the...

Seq 4.2.476 - Authentication Bypass

Seq 4.2.476 - Authentication Bypass Exploit Title: Seq 4.2.476 - Authentication Bypass Date: 2018-08-02 Exploit Author: Daniel Chactoura Vendor Homepage: https://getseq.net/ Software Link: https://getseq.net/Download/All Version: = 4.2.476 CVE : CVE-2018-8096 Post Reference:...

WordPress LimoLabs 1.0.0 Remote Password Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: Wordpress Plugin LimoLabs-iCabbi Remote Password Disclosure Google Dork: inurl:"plugins/limolabs-icabbi" Exploit Author: Gabriel Lipski gabriel.lipskiATprotonmail.com Vendor Homepage: https://www.icabbi.com Tested on: Ubuntu...

Smart SMS & Email Manager 3.3 - contact_type_id SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Smart SMS & Email Manager v3.3 - SQL Injection Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/smart-sms-email-manager-ssem/14817919 Version: 3.3 Tested on: Kali linux...

Modx Revolution < 2.6.4 - Remote Code Execution

Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload = 'ctx': 'web', 'cachefilename': '../../payload.php'...

VLC media player 2.2.8 Arbitrary Code Execution PoC(CVE-2018-11529)

Exploit Title: VLC media player 2.2.8 Arbitrary Code Execution PoC Date: 6-6-2018 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link: http://download.videolan.org/pub/videolan/vlc/2.2.8/win64/vlc-2.2.8-win64.exe Version: 2.2.8 Tested on: Windows 10 x6...

ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution

Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube:...

DIGISOL DG-BR4000NG - Buffer Overflow Vulnerability

Exploit for hardware platform in category web applications Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Vendor Homepage† http://www.digisol.com Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router...

Travel Agency 1.1 - cid SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Travel Agency 1.1 - 'cid' SQL Injection Exploit Author: Ashkan Moghaddas Vulnerable Page: /add.city.php Vulnerable Source: Line20:ifisset$GET'action' && $GET'action' == 'del' Line21:$delete = mysqlquery"DELETE FROM destination...

LFCMS 3.7.0 - Cross-Site Request Forgery (Add User) Vulnerability

Exploit for php platform in category web applications Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: users can be added arbitrarily. Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html...

Joomla Ek rishta 2.10 Component - SQL Injection Vulnerability

Exploit for php platform in category web applications Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...

Schools Alert Management Script - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit...

Event Manager Admin panel - events_new.php SQL injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...

Gnome Web (Epiphany) < 3.28.2.1 - Denial of Service

Title: Gnome Web/Epiphany Browser libephymain.so in GNOME WEB/Epiphany PoC: b1tch3z = window.open"https://www.google.com", "bl1ngbl1ng", "width=250,height=250"; b1tch3z.document.write"ua b1tch3z"; // https://github.com/undergroundagency // https://github.com/ldpreload Video PoC:...

10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Scanner 3.0 - Local Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafel Date: 2018-06-05 Vendor Homepage: https://www.10-strike.com/ Vulnerable Software: https://www.10-strike.com/network-scanner/network-scanner.exe Tested on: Windows XP Professional ...

10-Strike Network Inventory Explorer Standard 8.54 Registration Key Overflow

!/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : 10-Strike Network Inventory Explorer Standard v8.54 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage :...

10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow (SEH)

Exploit Title: 10-Strike Network Inventory Explorer 8.54 - 'Registration Key' Buffer Overflow SEH Exploit Author: Hashim Jawad - ihack4falafelx Date: 2018-06-05 Vendor Homepage: https://www.10-strike.com/ Vulnerable Software:...

SearchBlox 8.6.7 - XML External Entity Injection Vulnerability

Exploit for java platform in category web applications Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity OOB-XXE Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.7 Platform: Java Tested on: Windows CVE:...

Zip-n-Go 4.9 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category local exploits !/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor...