R 3.4.4 Local Buffer Overflow

!/usr/bin/python Exploit Author: bzyo CVE: CVE-2018-9060 Twitter: @bzyo Exploit Title: R 3.4.4 - Local Buffer Overflow Date: 03-27-2018 Vulnerable Software: R 3.4.4 Vendor Homepage: https://www.r-project.org/ Version: 3.4.4 Software Link: https://cloud.r-project.org/bin/windows/ Tested On: Window...

Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure

Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure -- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoks...

Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure Exploit

Exploit for php platform in category web applications -- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoksel ||...

Match Clone Script 1.0.4 - Cross-Site Scripting

Match Clone Script 1.0.4 - Cross-Site Scripting Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho...

SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)

SysGauge Pro 4.6.12 - Local Buffer Overflow SEH !/usr/bin/python Exploit Title : SysGauge Pro v4.6.12 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software :...

LineageOS 14.1 Blueborne - Remote Code Execution Vulnerability

Exploit for Android platform in category remote exploits Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing...

WordPress WP Security Audit Log 3.1.1 Information Disclosure

Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure CheckDirectory $useruploadpath wpmkdirp $useruploadpath ;...

MiniCMS 1.10 - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications test document.forms0.submit; 0day.today 2018-04-08...

Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)

Crashmail 1.6 - Stack-Based Buffer Overflow ROP Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could exploit...

XenForo 2 CSS Loader Denial Of Service

Exploit Title: XenForo CSS Loader DoS Google Dork: intext:"Forum software by XenForoaC/" inurl:css.php ext:php Date: 22-03-18 Exploit Author: LockedByte Vendor Homepage: https://xenforo.com/ Software Link: https://xenforo.com/help/installation/ Version: XenForo 2 Tested on: Linux...

Vehicle Sales Management System - Multiple Vulnerabilities

Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...

Intelbras Telefone IP TIP200 LITE - Local File Disclosure Vulnerability

Exploit for hardware platform in category web applications Exploit Title: INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include Exploit Author: Matheus Goncalves - anhax0r Vendor Homepage: https://www.facebook.com/anhaxteam/ Software Link: Version: 60.0.75.29 REQUIRED Tested on: Debian CVE : i...

Vehicle Sales Management System XSS / Shell Upload / SQL Injection

Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link: https://sourceforge.net/projects/vsms-php/?source=typredirect Version: 07/2017 possible v1.2 Tested on:...

Spring Data REST 2.6.9 (Ingalls SR9) 3.0.1 (Kay SR1) - PATCH Request Remote Code Execution

Spring Data REST 2.6.9 Ingalls SR9 3.0.1 Kay SR1 - PATCH Request Remote Code Execution // Exploit Title: RCE in PATCH requests in Spring Data REST // Date: 2018-03-10 // Exploit Author: Antonio Francesco Sardella // Vendor Homepage: https://pivotal.io/ // Software Link:...

Dup Scout Enterprise 10.5.12 - 'Share Username' Local Buffer Overflow

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Dup Scout Enterprise 10.5.12 - Local Buffer Overflow Date: 02-22-2018 Vulnerable Software: Dup Scout Enterprise v10.5.12 Vendor Homepage: http://www.dupscout.com Version: 10.5.12 Software Link:...

GetGo Download Manager 5.3.0.2712 Buffer Overflow

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GetGo Download Manager 5.3.0.2712 - Remote Buffer Overflow SEH Date: 02-24-2018 Vulnerable Software: GetGo Download Manager 5.3.0.2712 Vendor Homepage: http://www.getgosoft.com/ Version: 5.3.0.2712 Software Link:...

GetGo Download Manager 5.3.0.2712 - Buffer Overflow (SEH) Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GetGo Download Manager 5.3.0.2712 - Remote Buffer Overflow SEH Date: 02-24-2018 Vulnerable Software: GetGo Download Manager 5.3.0.2712 Vendor Homepage:...

CMS Made Simple 2.1.6 Remote Code Execution Vulnerability

Exploit for php platform in category web applications Exploit Title: CMS Made Simple 2.1.6 - Remote Code Execution Date: 2018-02-26 Exploit Author: Keerati T. Vendor Homepage: http://www.cmsmadesimple.org/ Software Link: http://s3.amazonaws.com/cmsms/downloads/13570/cmsms-2.1.6-install.zip Versio...

Joomla! Component CheckList 1.1.1 - SQL Injection

Joomla! Component CheckList 1.1.1 - SQL Injection Exploit Title: Joomla! Component CheckList 1.1.1 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.joomplace.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/personal-life/checklist/ Version: 1.1....

EChat Server 3.1 - 'CHAT.ghp' Buffer Overflow

Exploit Author: Juan Sacco Vulnerability found using Exploit Pack v10 - http://exploitpack.com Impact: An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in adenial-of-service condition. Program description...