Microsoft Edge - JSON.parse Info Leak Vulnerability
Exploit for windows platform in category dos / poc var once = false; var a = 1; function f if!once a = new Array1, 2, 3; this2 = a; once = true; //alert"f " + this; return ; JSON.parse"1, 2, 4, 5", f; var n = new Numbera0; n = n 1; var s = n.toString16; n = new Numbera1; n = n 1; s = s +...
Disk Savvy Enterprise GET buffer overflow
Added: 12/01/2016 Background Disk Savvy Enterprise is a disk space usage analyzer. Problem A buffer overflow in Disk Savvy Enterprise when handling GET requests could allow remote code execution. Resolution Upgrade to a version higher than 9.1.14 when available. References...
Disk Sorter Enterprise 9.1.12 - Buffer Overflow Exploit
Exploit for windows platform in category remote exploits !/usr/bin/python print "Disk Sorter Enterprise 9.1.12 Login Buffer Overflow" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM...
InvoicePlane 1.4.8 Incorrect Access Control
Exploit Title: InvoicePlane v1.4.8 Incorrect Access Control for password reset Date: 12-11-2016 Exploit Author: feedersec Contact: [email protected] Vendor Homepage: https://invoiceplane.com Software Link: https://invoiceplane.com/download/v1.4.8 Version: v1.4.8 Tested on: ubuntu 16.04 LTS...
InvoicePlane 1.4.8 - Password Reset
Exploit Title: InvoicePlane v1.4.8 Incorrect Access Control for password reset Date: 12-11-2016 Exploit Author: feedersec Contact: [email protected] Vendor Homepage: https://invoiceplane.com Software Link: https://invoiceplane.com/download/v1.4.8 Version: v1.4.8 Tested on: ubuntu 16.04 LTS...
FireStorm Shopping Cart eCommerce Plugin 2.07.02 - Authenticated SQL Injection
$_POST['pid'] is not escaped. URL is accessible for administrator user. URL with problem: http://localhost:1406/wp/wp-admin/admin.php?page=fssc-products&fp=general&f=edit&cid=0&pid=0 http://target/wp-admin/admin.php?page=fssc-products&fp=general&f=edit&cid=0&pid=0+UNION+SELECT+name+FROM+wpterms+WHERE+termid=1...
eFront 3.6.15 Code Execution
TL;DR: A friend reminded me a couple of days ago to publish something, since it's been a while since I last published a post. So this is going to be a short post about an interesting-ish RCE found in all versions of eFront LMS - unfortunately, since the report has passed 90 days since initial report, I...
Redaxo 5.2.0 - Cross-Site Request Forgery
Redaxo 5.2.0 - Cross-Site Request Forgery Exploit Title : redaxo CMS CSRFAdd Admin Author : Ashiyane Digital Security Team Google Dork : intitle:Login · REDAXO Date : 1/11/2016 Type : webapps Platform : PHP Vendor Homepage : http://www.redaxo.org/ Software link...
SweetRice 1.5.1 - Arbitrary File Download
SweetRice 1.5.1 - Arbitrary File Download /usr/bin/python -- Coding: utf-8 -- Exploit Title: SweetRice 1.5.1 - Local File Inclusion Exploit Author: Ashiyane Digital Security Team Date: 03-11-2016 Vendor: http://www.basic-cms.org/ Software Link:...
FreeFloat FTP Server 1.0 RENAME Buffer Overflow
#!/usr/bin/env python -- coding: utf-8 -- Exploit Title: FreeFloat FTP Server RENAME Command Buffer Overflow Exploit Date: 29/10/2016 Exploit Author: Eagleblack Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: 1.00 Tested on: Windows XP Professional SP3 Spanish versi...
WordPress Userpro Remote File Upload Exploit
This Metasploit module exploits an arbitrary PHP code upload in the WordPress Ifileupload plugin. The vulnerability allows unauthorized file upload and remote code execution. Exploit Title : Wordpress Userpro Remote File Upload Exploit Author : Ashiyane Digital Security Team Vendor Homepage...
FreePBX 13 - Remote Command Execution Privilege Escalation
FreePBX 13 - Remote Command Execution Privilege Escalation !/usr/bin/env python ''' Title | FreePBX 13 Remote Command Execution and Privilege Escalation Date | 10/21/2016 Author | Christopher Davis Vendor | https://www.freepbx.org/ Version | FreePBX 13 & 14 System Recordings Module versions:...
Ruby on Rails Dynamic Render File Upload Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in the explicit render method when leveraging user parameters. This Metasploit module has been tested across multiple versions of Ruby on Rails. The technique used by this module requires the specified endpoint to be using...
Subrion CMS 4.0.5 Cross Site Request Forgery / Cross Site Scripting
Exploit Title: Subrion CMS 4.0.5 - CSRF Bypass to Persistent XSS and Add-Admin Date: 15-10-2016 Software Link: http://www.subrion.org/download/ Vendor: http://www.subrion.org Google Dork: "Powered by Subrion CMS" Exploit Author: Ahsan Tahir Contact: https://twitter.com/AhsanTahirAT |...
Colorful Blog - Persistent Cross-Site Scripting
Exploit Title: Colorful Blog - Stored Cross Site Scripting Author: Besim Google Dork: - Date: 13/10/2016 Type: webapps Platform: PHP Vendor Homepage: - Software link: ...
Vulnerability alert: JPEG 2000 arbitrary code execution vulnerability - vulnerability warning - the black bar safety net
Vulnerability number CVE-2016-8332 TALOS-2016-0193 Affected version OpenJpeg openjp2 2.1.1 Vulnerability description Recently, Cisco's Talos security team disclosed a zero-day vulnerability in JPEG 2000 that can lead to arbitrary code execution. OpenJPEG is an open-source JPEG 20...
Entrepreneur Job Portal Script 2.06 - SQL Injection
Title: Entrepreneur Job Portal Script SQL Injection | Software: Entrepreneur Job Portal Script | Version: 2.06 | Vendor: http://www.i-netsolution.com/ |...
VX Search Enterprise 9.0.26 Buffer Overflow
!/usr/bin/python print "VX Search Enterprise 9.0.26 Buffer Overflow Exploit" print "Author: Tulpa / tulpaattulpa-securitydotcom" Author website: www.tulpa-security.com Author twitter: @tulpasecurity Exploit will land you NT AUTHORITY\SYSTEM You do not need to be authenticated, password below is...
Witbe - Remote Code Execution
!/usr/bin/python Exploit Title: Witbe RCE Remote Code Execution Exploit Author: BeLmar Date: 05/10/2016 DEMO : https://youtu.be/ooUFXfUfIs0 Contact : [email protected] Vendor Homepage: http://www.witbe.net Tested on: Windows7/10 & BackBox Category: Remote Exploits import urllib import urllib2...
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow
VideoLAN VLC Media Player 2.2.1 - Buffer Overflow Exploit Title: VLC Media Player 2.2.1 Buffer Overflow 2016-09-28 Author: sultan albalawi Software Link: https://www.videolan.org/vlc/releases/2.2.1.html Tested on:win7 video...