47884 matches found
OpenProject 5.0.0 - 8.3.1 - SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version: 8.3.2 & 9.0.0 CVE number: CVE-2019-11600 impact: Critica...
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
Since commit https://chromium.googlesource.com/v8/v8.git/+/c22bb466d8934685d897708119543d099b9d2a9a turbofan supports inlining calls to array.includes and array.indexOf. The logic of the function is roughly: 1. Check the set of possible Maps of the array type with...
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 Information Disclosure Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint access control system, time and attendance, electric...
RICOH SP 4510DN Printer - HTML Injection
Exploit Title: RICOH SP 4510DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.html Software: RICOH Printer Product Version...
SpotIM 2.2 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: SpotIM 2.2 - 'Name/Key' Denial of Service PoC Date: 09/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotimsetup.exe Version: 2.2 Tested on: Windows 10 Proof of Concept: 1.- Run the...
jetCast Server 2.0 - Denial of Service (PoC)
Exploit Title: jetCast Server 2.0 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe Tested...
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
Exploit Title: CyberArk XML External Entity XXE Injection in SAML authentication Date: 10/05/2019 Exploit Author: Marcelo Toran @spamv Vendor Homepage: https://www.cyberark.com Version: =10.7 CVE : CVE-2019-7442 -----------Product description The CyberArk Enterprise Password Vault is a privileged...
RICOH SP 4520DN Printer - HTML Injection
Exploit Title: RICOH SP 4520DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.html Software: RICOH Printer Product Version...
dotCMS 5.1.1 - HTML Injection
Exploit Title: dotCMS 5.1.1 - HTML Injection Date: 2019-05-09 Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulnerability Type: Code Injection Vulnerability: HTML Injection and Cross-site...
SpotPaltalk 1.1.5 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: SpotPaltalk 1.1.5 - 'Name/Key' Denial of Service PoC Date: 09/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotpaltalksetup.exe Version: 1.1.5 Tested on: Windows 10 Proof of Concept:...
PHPRunner 10.1 - Denial of Service (PoC)
Exploit Title: PHPRunner 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/phprunner/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the...
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cortex Version: Cortex = 2.1.3 Tested on: 2.1.3 CVE : CVE-2019-7652...
ASPRunner.NET 10.1 - Denial of Service (PoC)
Exploit Title: ASPRunner.NET 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/asprunnernet/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce...
Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Convert Video jetAudio 8.1.7 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107BASIC.exe Version: 8.1.7...
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-update layout implementation. /SelfService.do?meth...
Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://lyricvideocreator.com/ Software Link: https://lyricvideocreator.com/dwl/LyricVideoCreator.exe Version: 2.1 Tested on: Windows 10 Proof of...
Lyric Maker 2.0.1.0 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Lyric Maker 2.0.1.0 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107BASIC.exe Version: 2.0.1.0 Tested...
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/postgres' class MetasploitModule 'PostgreSQL COPY FROM PROGRAM Command Execution', 'Description' = %q Installations running Postgres 9.3 and...
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86', 'Description' = %q This exploit takes advantage of a use after free vulnerability...
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...
MiniFtp - 'parseconf_load_setting' Buffer Overflow
Exploit Title: MiniFtp parseconfloadsetting local-bufferoverflow 318 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : Non...
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
Here is a working version of the NSA's EMPHASISMINE for IMAP Server Lotus Domino 8.5.3 FP0 DEP/ASLR bypass Replace breakpoints with msfvenom payload ALPHANUMERIC I love you Alison Thompson OAM @ThirdWaveORG Author: Charles Truscott @r0ss1n1 import base64 import struct import socket import time...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass
Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux CVE : N/A Type: WEBAPP...
jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC)
Exploit Title: jetAudio 8.1.7.20702 Basic - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-07 Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/ Tested Version: 8.1.7.20702 Tested on: Windows 7 Service Pack 1 x64 / Windows 10...
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
Details ================ Software: Prinect Archive System Version: v2015 Release 2.6 Homepage: https://www.heidelberg.com Advisory report: https://github.com/alt3kx/CVE-2019-10685 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10685 CVSS: 6.1...
Easy Chat Server 3.1 - 'message' Denial of Service (PoC)
!/usr/bin/python --------------------------------------------------------- Title: Easy Chat Server Version 3.1 - DOS Date: 2019-05-07 Author: Miguel Mendez Z Team: www.exploiting.cl Vendor: http://www.echatserver.com Software Link: http://www.echatserver.com/ecssetup.exe Platforms: Windows Versio...
Admin Express 1.2.5.485 - 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow
Title: Admin Express v1.2.5.485 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 6th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: https://admin-express.en.softonic.com/ Software Link: https://admin-express.en.softonic.com/download Version...
iOS 12.1.3 - 'cfprefsd' Memory Corruption
// c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. include import include include include include include define AGENT 1 define FILLDICTCOUNT 0x600 define FILLCOUNT 0x1000 define FREECOU...
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs have builtin, is prone to remote code execution due to...
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
https://twitter.com/gscamelo Vendor Homepage: https://smartbear.com/product/ready-api Software Link: https://smartbear.com/product/ready-api/overview/ Github: https://github.com/gscamelo/CVE-2018-20580 Version: 2.5.0 and 2.6.0 Tested on: Windows CVE : CVE-2018-20580 I found a new vulnerability in...
NSClient++ 0.5.2.35 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/ Tested on: Windows 10 x64 Details: When...
microASP (Portal+) CMS - 'pagina.phtml?explode_tree' SQL Injection
Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:"/pagina.phtml?explodetree" // use your...
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run...
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Description: The DWRCC executable file is affected by a buffer overflow vulnerability. The buffer size passed in on the machine name...
WordPress Plugin Social Warfare < 3.5.3 - Remote Code Execution
Title: RCE in Social Warfare Plugin Wordpress =3.5.2 Date: March, 2019 Researcher: Luka Sikic Exploit Author: hash3liZer Download Link: https://wordpress.org/plugins/social-warfare/ Reference:...
Instagram Auto Follow - Authentication Bypass
Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux https://eowynlab.cf/autobot-follow/index.php username:...
Blue Angel Software Suite - Command Execution
Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CVE : N/A Description: Blue Angel Software Suite...
Crestron AM/Barco wePresent WiPG/Extron ShareLink/Teq AV IT/SHARP PN-L703WA/Optoma WPS-Pro/Blackbox HD WPS/InFocus LiteShow - Remote Command Injection
Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Date: 05/01/2019 Exploit Author: Jacob Baines Tested on: Crestron AM-100 1.6.0.2 CVE : CVE-2019-3929 PoC Video: https://www.youtube.com/watch?v=q-PIjnPcu2k Advisory:...
Zotonic < 0.47.0 mod_admin - Cross-Site Scripting
Exploit Title: Zotonic prompt‘XSS’ Affected source code file zotonicmodadmin: - zotonicmodadminidentity\priv\templates\adminsortheader.tpl - zotonicmodadminidentity\priv\templates\adminusers.tpl References http://docs.zotonic.com/en/latest/developer-guide/releasenotes/rel0.47.0.html...
Microsoft Windows PowerShell ISE - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product Windows PowerShell ISE The...
Ruby On Rails - DoubleTap Development Mode secret_key_base Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ruby On Rails DoubleTap Development Mode secretkeybase Vulnerability', 'Description' = %q This module exploits a vulnerability in Ruby on Rails. ...
CentOS Web Panel 0.9.8.793 (Free) / v0.9.8.753 (Pro) / 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
Exploit Title: CentOS Web Panel - Domain Field Add DNS Zone Cross-Site Scripting Vulnerability Google Dork: N/A Date: 22 - April - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.793 Free, v0.9.8.753 Pro and 0.9.8.807...
Oracle Weblogic 10.3.6.0.0 / 12.1.3.0.0 - Remote Code Execution
!/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link: https://www.oracle.com/technetwork/middleware/downloads/index.html Version: Oracl...
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Exploit Title: Veeam ONE Reporter - Cross-Site Request Forgery All Actions/Methods Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link: https://www.veeam.com/virtual-server-management-one-free.ht...
Hyvikk Fleet Manager - Shell Upload
======================================================================================== | Fleet Manager hyvikk Shell Upload Date: 29-04-2019 Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage: https://codecanyon.net/item/fleet-manager/200518...
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Agent Tesla Botnet - Information Disclosure
Exploit Title: Agent Tesla Botnet - Information Disclosure Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows 10, debian 7 CVE : n/a Greetz: Shell.root,...
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
IWR 3000N - CSRF on authenticated administrator Exploit! Click the button to get the login and password. function exploit $.get "http://localhost:80/v1/system/user" .done data = alert data ; .failfunction err, status alert status ; ;...