47904 matches found
RarmaRadio 2.72.3 - 'Server' Denial of Service (PoC)
Exploit Title: RarmaRadio 2.72.3 - 'Server' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.3 Tested on: Windows 7 Service Pack 1 x64...
Carel pCOWeb < B1.2.1 - Credentials Disclosure
Exploit Title: Carel pCOWeb - Unprotected Storage of Credentials Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.carel.com/ Version: Carel pCOWeb all versions prior to B1.2.1 Tested on: It is a proprietary devices: http://www.carel.com/product/pcoweb-card 1. Description:...
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting
Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting Date: 2019-05-21 Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho ManageEngine ServiceDesk Plus 9.3 CVE : CVE-2019-12189 An issue was discovered in...
AUO Solar Data Recorder < 1.3.0 - 'addr' Cross-Site Scripting
Exploit Title: AUO Solar Data Recorder - Stored XSS Date: 2019-04-16 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO Solar Data Recorder all versions prior to v1.3.0 Tested on: It is a proprietary devices:...
RarmaRadio 2.72.3 - 'Username' Denial of Service (PoC)
Exploit Title: RarmaRadio 2.72.3 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.3 Tested on: Windows 7 Service Pack 1 x64...
Zoho ManageEngine ServiceDesk Plus < 10.5 - Improper Access Restrictions
Exploit Title: Zoho ManageEngine ServiceDesk Plus 10.5 Incorrect Access Control Date: 2019-05-21 Exploit Author: Enter of VinCSS Vingroup Vendor Homepage: https://www.manageengine.com/products/service-desk Version: Zoho ManageEngine ServiceDesk Plus 10.5 CVE : CVE-2019-12252 In Zoho ManageEngine...
BlueStacks 4.80.0.1060 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: BlueStacks 4.80.0.1060 - Denial of Service PoC Date: 21/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.bluestacks.com Software: https://www.bluestacks.com/download.html?utmcampaign=bluestacks-4-en Version: 4.80.0.1060 Tested on: Windows 10 Proof ...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
TapinRadio 2.11.6 - 'Address' Denial of Service (PoC)
Exploit Title: TapinRadio 2.11.6 - 'Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-21 Vendor Homepage: http://www.raimersoft.com/ Software Link: www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.11.6 Tested on: Windows 7 Service Pack 1 x6...
Microsoft Windows 7/2003/2008 RDP - Remote Code Execution
RDP Blue POC by k8gege Local: Win7 python Target: Win2003 & Win2008 open 3389 import socket import sys import os import platform buf="" buf+="\x03\x00\x00\x13" TPKT, Version 3, lenght 19 buf+="\x0e\xe0\x00\x00\x00\x00\x00\x01\x00\x08\x00\x00\x00\x00\x00" ITU-T Rec X.224 buf+="\x03\x00\x01\xd6"...
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
/ Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X.X versions. Other may also be affected. Tested on EMC...
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with --useConcurrentJIT=false // Fill the stack with the return value of the provided function. function stacksprayf // This function will...
WordPress Plugin WPGraphQL 0.2.3 - Multiple Vulnerabilities
!/usr/bin/env python Author: Simone Quatrini of Pen Test Partners CVEs: 2019-9879, 2019-9880, 2019-9881 Tested on Wordpress 5.1.1 and wp-graphql 0.2.3 https://www.pentestpartners.com/security-blog/pwning-wordpress-graphql/ import argparse import requests import base64 import json import sys parse...
Deluge 1.3.15 - 'URL' Denial of Service (PoC)
Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-20 Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on: Windows 7...
Oracle CTI Web Service - 'EBS_ASSET_HISTORY_OPERATIONS' XML Entity Injection
Exploit Title: Oracle CTI Web Service XML Entity Exp. Exploit Author: omurugur Author Web: https://www.justsecnow.com Author Social: @omurugurrr URL : http://server/EBSASSETHISTORYOPERATIONS As can be seen in the following request / response example, the xml entity expansion attack can be...
Apple macOS < 10.14.5 / iOS < 12.3 DFG JIT Compiler - 'HasIndexedProperty' Use-After-Free
See also https://bugs.chromium.org/p/project-zero/issues/detail?id=1699 for a similar issue. The DFG JIT compiler attempts to determine whether a DFG IR operation could cause garbage collection GC during its execution 1. With this, it is then possible for the compiler to determine whether there...
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
Exploit Title: TL-WR840N v5 00000005 Date: 5/10/2019 Exploit Author: purnendu ghosh Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Category: Hardware Firmware Version:0.9.1 3.16 v0001.0 Build 171211 Rel.5880...
Moodle Jmol Filter 6.1 - Directory Traversal / Cross-Site Scripting
Exploit Title: Moodle filterjmol multiple vulnerabilities Directory Traversal and XSS Date: 20 May 2019 Exploit Author: Dionach Ltd Exploit Author Homepage: https://www.dionach.com/blog/moodle-jmol-plugin-multiple-vulnerabilities Software Link: https://moodle.org/plugins/filterjmol Version: =6.1...
Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC)
Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-20 Vendor Homepage: https://dev.deluge-torrent.org/ Software Link: http://download.deluge-torrent.org/windows/deluge-1.3.15-win32-py2.7.exe Tested Version: 1.3.15 Tested on:...
Apple macOS < 10.14.5 / iOS < 12.3 XNU - Wild-read due to bad cast in stf_ioctl
/ Reproduction Tested on macOS 10.14.3: $ clang -o stfwildread stfwildread.cc $ ./stfwildread Explanation SIOCSIFADDR is an ioctl that sets the address of an interface. The stf interface ioctls are handled by the stfioctl function. The crash occurs in the following case where a struct ifreq is re...
Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds ./Tools/Scripts/build-jsc --jsc-only --debug or --release: // Run with --useConcurrentJIT=false...
Apple macOS < 10.14.5 / iOS < 12.3 XNU - 'in6_pcbdetach' Stale Pointer Use-After-Free
Reproduction Repros on 10.14.3 when run as root. It may need multiple tries to trigger. $ clang -o in6selectsrc in6selectsrc.cc $ while 1; do sudo ./in6selectsrc; done res0: 3 res1: 0 res1.5: -1 // failure expected here res2: 0 done ... crash Explanation The following snippet is taken from...
PCL Converter 2.7 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: VeryPDF PCL Converter v2.7 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/pcltools/pcl-converter.exe Version: 2.7 Tested on: Windows 10 Proof of Concept: 1.- Run the...
Encrypt PDF 2.3 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Encrypt PDF v2.3 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/encryptpdf/encryptpdf.exe Version: 2.3 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...
docPrint Pro 8.0 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Document Converter docPrint Pro v8.0 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Tested on: Windows 10 Proof of Concept: 1.- Run the...
BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC)
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Teste...
BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested...
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-19 Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet10.16.exe Tested Version: 10.16 Tested on:...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
/ raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)
!/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected application: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpac...
GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GetSimpleCMS Unauthenticated RCE", 'Description' = %q This module exploits a vulnerability found in GetSimpleCMS, which allows unauthenticated...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
/ raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
/ raptordtprintnameintel.c - dtprintinfo 0day, Solaris/Intel Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow
Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC eSpace UC V200R002C02 Summary: Create...
Huawei eSpace 1.1.11.103 - DLL Hijacking
/ Huawei eSpace Desktop DLL Hijacking Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced Communications EC services for...
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8.5 Software Link : https://github.com/elabftw/elabftw Tested On : Linux / PH...
Iperius Backup 6.1.0 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link: https://www.iperiusbackup.com/download.aspx Tested on: Windows 10 x...
CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: CEWE PHOTO IMPORTER 6.4.3 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of...
CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: CEWE PHOTO SHOW 6.4.3 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of Concept:...
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach $widget as $widgetKey = $fields foreach $fields as...
Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Sandboxie 5.30 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.sandboxie.com Software https://www.sandboxie.com/SandboxieInstall.exe Version: 5.30 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
!/usr/bin/python """ Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability Steven Seeley mrme of Source Incite - 2019 SRC: SRC-2019-0034 CVE: CVE-2019-1821 Example: ======== saturn: mrme$ ./poc.py + usage: ./poc.py + eg: ./poc.py...
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
!/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD package version: 2.38.0 Summary: Substation communications networks...
ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC)
Exploit Title: ZOC Terminal v7.23.4 - 'Shell' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Step...
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
Exploit Title: ZOC Terminal v7.23.4 - 'Private key file' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack...
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Ste...
JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow
Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...
WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service
Exploit Title: DoS Wechat with an emoji Date: 16-May-2019 Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0.4 Tested on: Android 9.0 CVE : CVE-2019-11419 Description:...
Axessh 4.2 - 'Log file name' Denial of Service (PoC)
Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-14 Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on: Windows 7 Service Pack 1 x32 Steps to produce the...