Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - AIR Optimization Incorrectly Removes Assignment to Register
While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc from current HEAD git commit 3c46422e45fef2de6ff13b66cd45705d63859555 in debug and release builds ./Tools/Scripts/build-jsc --jsc-only --debug or --release: // Run with --useConcurrentJIT=false...
Brocade Network Advisor 14.4.1 - Unauthenticated Remote Code Execution
/ Exploit Title: Brocade Network Advisor - Unauthenticated Remote Code Execution Date: 2017-03-29 Exploit Author: Jakub Palaczynski Vendor Homepage: https://www.broadcom.com/ CVE: CVE-2018-6443 Version: Tested on Brocade Network Advisor 14.X.X versions. Other may also be affected. Tested on EMC...
docPrint Pro 8.0 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Document Converter docPrint Pro v8.0 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Tested on: Windows 10 Proof of Concept: 1.- Run the...
GetSimpleCMS - Unauthenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "GetSimpleCMS Unauthenticated RCE", 'Description' = %q This module exploits a vulnerability found in GetSimpleCMS, which allows unauthenticated...
AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-19 Vendor Homepage: https://www.celestialsoftware.net/ Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet10.16.exe Tested Version: 10.16 Tested on:...
Encrypt PDF 2.3 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Encrypt PDF v2.3 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/encryptpdf/encryptpdf.exe Version: 2.3 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...
Huawei eSpace 1.1.11.103 - 'ContactsCtrl.dll' / 'eSpaceStatusCtrl.dll' ActiveX Heap Overflow
Huawei eSpace Meeting ContactsCtrl.dll and eSpaceStatusCtrl.dll ActiveX Heap Overflow Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC eSpace UC V200R002C02 Summary: Create...
BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service (PoC)
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'Storage-Path' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Teste...
eLabFTW 1.8.5 - Arbitrary File Upload / Remote Code Execution
Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version : 1.8.5 Software Link : https://github.com/elabftw/elabftw Tested On : Linux / PH...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced...
Huawei eSpace 1.1.11.103 - DLL Hijacking
/ Huawei eSpace Desktop DLL Hijacking Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpace UC Summary: Create more convenient Enhanced Communications EC services for...
BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service (PoC)
Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested...
PCL Converter 2.7 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: VeryPDF PCL Converter v2.7 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://www.verypdf.com/pcltools/pcl-converter.exe Version: 2.7 Tested on: Windows 10 Proof of Concept: 1.- Run the...
Huawei eSpace Meeting 1.1.11.103 - 'cenwpoll.dll' SEH Buffer Overflow (Unicode)
!/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected application: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop, eSpace Meeting, eSpac...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (2)
/ raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Solaris 10 1/13 (Intel) - 'dtprintinfo' Local Privilege Escalation (1)
/ raptordtprintnameintel.c - dtprintinfo 0day, Solaris/Intel Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
Solaris 7/8/9 (SPARC) - 'dtprintinfo' Local Privilege Escalation (1)
/ raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerability and for his interesting research activities on...
CEWE Photo Importer 6.4.3 - '.jpg' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: CEWE PHOTO IMPORTER 6.4.3 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of...
Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal / Remote Code Execution
!/usr/bin/python """ Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability Steven Seeley mrme of Source Incite - 2019 SRC: SRC-2019-0034 CVE: CVE-2019-1821 Example: ======== saturn: mrme$ ./poc.py + usage: ./poc.py + eg: ./poc.py...
Sandboxie 5.30 - 'Programs Alerts' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Sandboxie 5.30 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.sandboxie.com Software https://www.sandboxie.com/SandboxieInstall.exe Version: 5.30 Tested on: Windows 10 Proof of Concept: 1.- Run the python script...
Interspire Email Marketer 6.20 - 'surveys_submit.php' Remote Code Execution
Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6.20 $widget foreach $widget as $widgetKey = $fields foreach $fields as...
Iperius Backup 6.1.0 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link: https://www.iperiusbackup.com/download.aspx Tested on: Windows 10 x...
CEWE Photoshow 6.4.3 - 'Password' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: CEWE PHOTO SHOW 6.4.3 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download Version: 6.4.3 Tested on: Windows 10 Proof of Concept:...
DeepSound 1.0.4 - SQL Injection
=========================================================================================== Exploit Title: DeepSound 1.0.4 - SQL Inj. Dork: N/A Date: 15-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470...
JetAudio jetCast Server 2.0 - 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow
Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: http://www.jetaudio.com/ Software Link:...
VMware Workstation 15.1.0 - DLL Hijacking
--------------------------------------------------------- Title: VMware Workstation DLL hijacking DLLIMPORT void SHGetFolderPathW MessageBox0, "s1kr10s", "VMWare-Poc", MBICONINFORMATION; exit0; -------------------------- https://www.vmware.com/security/advisories/VMSA-2019-0007.html...
WeChat for Android 7.0.4 - 'vcodec2_hls_filter' Denial of Service
Exploit Title: DoS Wechat with an emoji Date: 16-May-2019 Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0.4 Tested on: Android 9.0 CVE : CVE-2019-11419 Description:...
Axessh 4.2 - 'Log file name' Denial of Service (PoC)
Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-14 Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on: Windows 7 Service Pack 1 x32 Steps to produce the...
ZOC Terminal v7.23.4 - 'Private key file' Denial of Service (PoC)
Exploit Title: ZOC Terminal v7.23.4 - 'Private key file' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack...
ZOC Terminal v7.23.4 - 'Shell' Denial of Service (PoC)
Exploit Title: ZOC Terminal v7.23.4 - 'Shell' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Step...
ZOC Terminal 7.23.4 - 'Script' Denial of Service (PoC)
Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version: 7.23.4 Tested on: Windows 7 Service Pack 1 x64 Ste...
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
!/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD package version: 2.38.0 Summary: Substation communications networks...
CommSy 8.6.5 - SQL injection
Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-16 Send details to the vendor...
Tomabo MP4 Converter 3.25.22 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: MP4 Converter 3.25.22 - 'Name' Denial of Service PoC Date: 14/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.tomabo.com/ Software: http://www.tomabo.com/downloads/mp4-converter-setup.exe Version: 3.25.22 Tested on: Windows 10 Proof of Concept: 1.-...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
input type="submit" value="Submit requ...
Microsoft Windows - 'Win32k' Local Privilege Escalation
CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46920.zip...
PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...
Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Selfie Studio 2.17 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbselfiestudioinstall.exe Version: 2.17 Tested on: Windows ...
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injection CWE-78 Date found: 2018-11-15 Date published: 2019-05-13 CVSSv3 Score: 9.8...
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbrusha.exe Version: 24.06 Tested on: Windows 10 Proof o...
PasteShr 1.6 - Multiple SQL Injection
=========================================================================================== Exploit Title: PasteShr - SQL İnj. Dork: N/A Date: 14-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437 Software Link:...
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbrusha.exe Version: 24.06 Tested on: Windows 10...
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbrusha.exe Version: 24.06 Tested on: Windows...
D-Link DWL-2600AP - Multiple OS Command Injection
Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...
Sales ERP 8.1 - Multiple SQL Injection
=========================================================================================== Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A Date: 13-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp Version: v8.1 Category: Webap...
XOOPS 2.5.9 - SQL Injection
Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php inurl:modules // use your brain ; +...
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximity and Fingerprint access control system, Time and Attendance, Electric...
DNSS 2.1.8 - Denial of Service (PoC)
Exploit Title: DNSS Domain Name Search Software 2.1.8 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-12 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/dnsssetup.exe Tested Version: 2.1.8 Tested on: Windows 10 Single...
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 SQL Injection And Authentication Bypass Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint access control system, time and...
SpotMSN 2.4.6 - Denial of Service (PoC)
Exploit Title: SpotMSN 2.4.6 - 'Name/Key' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-12 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/spotmsnsetup.exe Tested Version: 2.4.6 Tested on: Windows 10 Single Language x64 /...