47904 matches found
Sentrifugo 3.2 - Persistent Cross-Site Scripting
Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/ Version: = 2.2.18 Tested on: Ubuntu 18.04.1 CV...
Sentrifugo 3.2 - File Upload Restriction Bypass
Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabilities were found in...
Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service
!/usr/bin/python SWAMI KARUPASAMI THUNAI print""" Exploit Title: Easy MP3 Downloader Denial of Service Date: 2019-08-29 Exploit Author: Mohan Ravichandran & Snazzy Sanoj Organization : StrongBox IT Vulnerable Software: Easy MP3 Downloader Version: 4.7.8.8 Software Link:...
Asus Precision TouchPad 11.0.0.25 - Denial of Service
!/usr/bin/python Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc Date: 29-08-2019 Exploit Author: Athanasios Tserpelis of Telspace Systems Vendor Homepage: https://www.asus.com Version: 11.0.0.25 Software Link : https://www.asus.com Contact: [email protected] Twitter:...
SQL Server Password Changer 1.90 - Denial of Service
Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code...
Canon PRINT 2.5.5 - Information Disclosure
Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...
VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service
Exploit Title: VX Search Enterprise v10.4.16 DoS Google Dork: N/A Date: 17.01.2018 Exploit Author: James Chamberlain chumb0 Vendor Homepage: http://www.vxsearch.com/downloads.html Software Link: http://www.vxsearch.com/setups/vxsearchentsetupv10.4.16.exe Version: v10.4.16 Tested on: Windows 7 Hom...
YouPHPTube 7.4 - Remote Code Execution
Exploit Title: YouPHPTube &webSiteTitle=Zerodays.lol&databaseHost=&databaseName=&databasePass=&databasePort=&databaseUser="...
Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform
https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...
PilusCart 1.4.1 - Local File Disclosure
Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software 'PilusCart' is not validating the...
Jobberbase 2.0 - 'subscribe' SQL Injection
!/bin/bash Exploit Title: Jobberbase 2.0 - 'subscribe' SQL injection Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: http://www.jobberbase.com/ Version: 2.0 Tested on: Ubuntu 18.04.1 : ' The page "/subscribe/" is vulnerable for SQL injection. Simply mak...
Outlook Password Recovery 2.10 - Denial of Service
Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested...
SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection
!-- Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2.4 Tested on: All CVE : CVE-2019-9083 Category:...
Jobberbase 2.0 CMS - 'jobs-in' SQL Injection
Exploit Title: Jobberbase 2.0 CMS - 'jobs-in' SQL Injection Google Dork: N/A Date: 28, August 2019 Exploit Author: Suvadip Kar Vendor Homepage: http://jobberbase.com/ Software Link: https://github.com/filipcte/jobberbase/zipball/master Version: 2.0 Tested on: Linux CVE : N/A...
Tableau - XML External Entity
Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads: https://www.tableau.com/products/desktop/download Version/Products: See Tableau...
WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting
Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept: https://domain.tld/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&errordescription=...
WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection
Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce" Vendor: WebToffee...
LSoft ListServ < 16.5-2018a - Cross-Site Scripting
Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...
Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...
openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery
Exploit Title: openITCOCKPIT 3.6.1-2 - CSRF 2 RCE Google Dork: N/A Date: 26-08-2019 Exploit Author: Julian Rittweger Vendor Homepage: https://openitcockpit.io/ Software Link: https://github.com/it-novum/openITCOCKPIT/releases/tag/openITCOCKPIT-3.6.1-2 Fixed in: 3.7.1 |...
Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass
Windows: SETREPARSEPOINTEX Mount Point Security Feature Bypass Platform: Windows 10 1903, 1809 not tested earlier Class: Security Feature Bypass Summary: The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed...
Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal
Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal Exploit Author: MAYASEVEN Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/" Published on 08/04/2019 Vendor Homepage at "https://wmspanel.com/nimble" Affected Version 3.0.2-2 to 3.5.4-9...
Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation
?php / A vulnerability exists in Nagios XI = 5.6.5 allowing an attacker to leverage an RCE to escalate privileges to root. The exploit requires access to the server as the 'nagios' user, or CCM access via the web interface with perissions to manage plugins. The getprofile.sh script, invoked by...
Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities
Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data Discovered by Pedro Ribeiro [email protected] from Agile Information Security...
Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)
Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Date: 8/20/2019 Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before...
LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the abilit...
QEMU - Denial of Service
include include include include include include include include include include include include include include include include include define diex do \ perrorx; \ exitEXITFAILURE; \ while0; // Constans define SRCADDR "10.0.2.15" define DSTADDR "10.0.2.2" define INTERFACE "ens3" define ETHHDRLEN ...
WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery
Exploit Title: CSRF vulnerabilities in WP Add Mime Types Plugin...
YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection
Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3 Tested on: Linux/Windows CVE : CVE-2019-14430 The...
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure
Exploit Title: Fortinet FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...
RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service
Exploit Title: RAR Password Recovery v1.80 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/download/RARPRSetup.exe Exploit Author: Achilles Tested Version: v1.80 Tested on: Windows 7 x64 Windows XP SP3 1.- Run...
Webmin 1.920 - Remote Code Execution
!/bin/sh CVE-2019-15107 Webmin Unauhenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html Alternative advisory spanish:...
Neo Billing 3.5 - Persistent Cross-Site Scripting
Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-79 CVE: CVE-2020-23518 Description Neo Billing os a...
Kimai 2 - Persistent Cross-Site Scripting
Exploit Title: Kimai 2- persistent cross-site scripting XSS Date: 07/15/2019 Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github : https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal user will try to add timesheet from...
Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)
Exploit Title: Fortinet FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...
EyesOfNetwork 5.1 - Authenticated Remote Command Execution
Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution Google Dork: N/A Date: 2019-08-14 Exploit Author: Nassim Asrir Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: https://www.eyesofnetwork.com/?pageid=48&lang=fr Version: 5.1 "; while$read = fread$handle,100 ec...
Integria IMS 5.0.86 - Arbitrary File Upload
Exploit Title: Integria IMS 5.0.86 - Arbitrary File Upload Date: 2019-08-16 Exploit Author: Greg.Priest Vendor Homepage: https://integriaims.com/ Software Link: https://sourceforge.net/projects/integria/files/5.0.86/ Version: Integria IMS 5.0.86 Tested on: Windows CVE : N/A...
GetGo Download Manager 6.2.2.3300 - Denial of Service
Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service Date: 2019-08-15 Author - Malav Vyas Vulnerable Software: GetGo Download Manager 6.2.2.3300 Vendor Home Page: www.getgosoft.com Software Link: http://www.getgosoft.com/getgodm/ Tested On: Windows 7 64Bit, Windows 10 64Bit Attac...
Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion
Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Date: 2019-08-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.6 Tested on: Debian/nginx/joomla...
Web Wiz Forums 12.01 - 'PF' SQL Injection
Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection Date: 2019-09-16 Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm Version: 12.01 Tested on Windows Vulnerable parameter: PF memberprofile.asp GET Request GET /memberprofile.asp?PF=10'...
Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 4970.179c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 2728.1fa8: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 36ec.3210: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 180c.327c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...
Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList
-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...