874 matches found
Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection
Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link: https://sourceforge.net/projects/timetableacademic/files/latest/download Version: 7.0a-7.0b Category:...
HaPe PKH 1.1 - Arbitrary File Upload
Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...
MicroTik RouterOS 6.43rc3 - Remote Root
MicroTik RouterOS 6.43rc3 - Remote Root / Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on:...
Seqrite End Point Security 7.4 Privilege Escalation
Exploit Title : Seqrite End Point Security v7.4 - Weak Folder Permissions Privilege Escalation Date : 09/13/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.seqrite.com/ Tested on : Windows 7 Enterprise SP1 x64 Description: ============ Seqrite End Point Security...
Joomla! Questions 1.4.3 SQL Injection
Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3 Category: Webapps Tested on:...
Staubli Jacquard Industrial System JC6 Shellshock Vulnerability
Staubli Jacquard Industrial System JC6 suffers from a bash environment variable handling code injection vulnerability. Exploit Title: Staubli Jacquard Industrial System | GNU Bash Environment Variable Handling Code Injection Shellshock Exploit Author: t4rkd3vilz Vendor Homepage:...
Wordpress Survey & Poll 1.5.7.3 Plugin - sss_params SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Wordpress Plugin Survey & Poll 1.5.7.3 - 'sssparams' SQL Injection Exploit Author: Ceylan Bozogullarindan Vendor Homepage: http://modalsurvey.pantherius.com/ Software Link:...
Apache Syncope 2.0.7 - Remote Code Execution
Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...
jiNa OCR Image To Text 1.0 Denial Of Service
Exploit Title: jiNa OCR Image to Text 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-10 Software Link: http://www.convertimagetotext.net/downloadsoftware.php Tested Version: 1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it...
Easy File Sharing Web Server 6.9 Buffer Overflow Exploit
Easy File Sharing Web Server version 6.9 POST msg.ghp UserID remote buffer overflow SEH exploit with DEP bypass and ROP. !/usr/bin/python Exploit Title: Easy File Sharing Web Server 6.9 - 'POST' msg.ghp 'UserID' Remote Buffer Overflow SEHDEP Bypass + ROP Google Dork: intitle:"Login - powered by...
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
Switch Port Mapping Tool 2.81.2 Denial Of Service
Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...
AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH) Exploit
Exploit for windows platform in category local exploits Exploit Title: AgataSoft Auto PingMaster 1.5 - Buffer Overflow SEH Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: AgataSoft Auto PingMaster 1.5 Vendor Homepage: http://agatasoft.com/ Version: 1.5 Software Link :...
FB Inboxer 1.2 SQL Injection
Exploit Title: FB Inboxer 1.2 - 'searchfield' SQL Injection Google Dork: N/A Date: 02.08.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/pageresponse-a-fb-inboxer-addon-facebook-auto-commentprivate-reply-likeshare-for-full-page/21486371 Version: 1.2...
Modx Revolution < 2.6.4 - Remote Code Execution
Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload = 'ctx': 'web', 'cachefilename': '../../payload.php'...
VLC media player 2.2.8 Arbitrary Code Execution PoC(CVE-2018-11529)
Exploit Title: VLC media player 2.2.8 Arbitrary Code Execution PoC Date: 6-6-2018 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link: http://download.videolan.org/pub/videolan/vlc/2.2.8/win64/vlc-2.2.8-win64.exe Version: 2.2.8 Tested on: Windows 10 x6...
Airties AIR5444TT - Cross-Site Scripting
Exploit Title: Airties AIR5444TT - Cross-Site Scripting Date: 2018-07-06 Exploit Author: Raif Berkay Dincel Vendor Homepage: airties.com Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 CVE-ID: CVE-2018-8738 Tested on: MacOS High Sierr...
ManageEngine Exchange Reporter Plus < Build 5311 - Remote Code Execution
Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube:...
AsusWRT #RTAC750GF - Cross-Site Request Forgery (Change Admin Password) Vulnerability
Exploit for hardware platform in category web applications Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Exploit Author: Wadeek Vendor Homepage: https://www.asus.com/ Firmware Link:...
GreenCMS 2.3.0603 Information Disclosure
Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information Date: 2018-06-21 Exploit Author: vrsystem Vendor Homepage: https://github.com/GreenCMS/GreenCMS/ Software Link: https://github.com/GreenCMS/GreenCMS/ Version: GreenCMS 2.3.0603 Tested on: windows 7 CVE : CVE-2018-12604...