47904 matches found
Axessh 4.2 - 'Log file name' Denial of Service (PoC)
Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-14 Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on: Windows 7 Service Pack 1 x32 Steps to produce the...
SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service
!/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD package version: 2.38.0 Summary: Substation communications networks...
Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery / Cross-Site Scripting
input type="submit" value="Submit requ...
Tomabo MP4 Converter 3.25.22 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: MP4 Converter 3.25.22 - 'Name' Denial of Service PoC Date: 14/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.tomabo.com/ Software: http://www.tomabo.com/downloads/mp4-converter-setup.exe Version: 3.25.22 Tested on: Windows 10 Proof of Concept: 1.-...
CommSy 8.6.5 - SQL injection
Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-16 Send details to the vendor...
Microsoft Windows - 'Win32k' Local Privilege Escalation
CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46920.zip...
PHP-Fusion 9.03.00 - 'Edit Profile' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusion 9.03.00 and prior versions. It is possible to execute commands i...
Selfie Studio 2.17 - 'Resize Image' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Selfie Studio 2.17 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbselfiestudioinstall.exe Version: 2.17 Tested on: Windows ...
PasteShr 1.6 - Multiple SQL Injection
=========================================================================================== Exploit Title: PasteShr - SQL İnj. Dork: N/A Date: 14-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/item/pasteshr-text-hosting-sharing-script/23019437 Software Link:...
TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbrusha.exe Version: 24.06 Tested on: Windows...
TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbrusha.exe Version: 24.06 Tested on: Windows 10 Proof o...
D-Link DWL-2600AP - Multiple OS Command Injection
Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use any web browser you like to login to the D-Link...
Sales ERP 8.1 - Multiple SQL Injection
=========================================================================================== Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A Date: 13-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://codecanyon.net/category/php-scripts?term=sales%20erp Version: v8.1 Category: Webap...
TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link http://www.pixarra.com/uploads/9/4/6/3/94635436/tbrusha.exe Version: 24.06 Tested on: Windows 10...
Schneider Electric U.Motion Builder 1.3.4 - 'track_import_export.php object_id' Unauthenticated Command Injection
RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: OS Command Injection CWE-78 Date found: 2018-11-15 Date published: 2019-05-13 CVSSv3 Score: 9.8...
SOCA Access Control System 180612 - Information Disclosure
SOCA Access Control System 180612 Information Disclosure Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint access control system, time and attendance, electric...
SpotMSN 2.4.6 - Denial of Service (PoC)
Exploit Title: SpotMSN 2.4.6 - 'Name/Key' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-12 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/spotmsnsetup.exe Tested Version: 2.4.6 Tested on: Windows Windows 10 Single Language x64 /...
SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)
SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximity and Fingerprint access control system, Time and Attendance, Electric...
OpenProject 5.0.0 - 8.3.1 - SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version: 8.3.2 & 9.0.0 CVE number: CVE-2019-11600 impact: Critica...
Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds Read/Write
!-- Since commit https://chromium.googlesource.com/v8/v8.git/+/c22bb466d8934685d897708119543d099b9d2a9a turbofan supports inlining calls to array.includes and array.indexOf. The logic of the function is roughly: 1. Check the set of possible Maps of the array type with...
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 SQL Injection And Authentication Bypass Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and fingerprint access control system, time and...
DNSS 2.1.8 - Denial of Service (PoC)
Exploit Title: DNSS Domain Name Search Software 2.1.8 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-12 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/dnsssetup.exe Tested Version: 2.1.8 Tested on: Windows Windows 10 Single...
XOOPS 2.5.9 - SQL Injection
Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php inurl:modules // use your brain ; +...
SpotPaltalk 1.1.5 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: SpotPaltalk 1.1.5 - 'Name/Key' Denial of Service PoC Date: 09/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotpaltalksetup.exe Version: 1.1.5 Tested on: Windows 10 Proof of Concept:...
SpotIM 2.2 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: SpotIM 2.2 - 'Name/Key' Denial of Service PoC Date: 09/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotimsetup.exe Version: 2.2 Tested on: Windows 10 Proof of Concept: 1.- Run the...
Cortex Unshortenlink Analyzer < 1.1 - Server-Side Request Forgery
Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cortex Version: Cortex = 2.1.3 Tested on: 2.1.3 CVE : CVE-2019-7652...
jetCast Server 2.0 - Denial of Service (PoC)
Exploit Title: jetCast Server 2.0 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/Download/jetCast/build/JCS2000.exe Tested...
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
Exploit Title: CyberArk XML External Entity XXE Injection in SAML authentication Date: 10/05/2019 Exploit Author: Marcelo Toran @spamv Vendor Homepage: https://www.cyberark.com Version: =10.7 CVE : CVE-2019-7442 -----------Product description The CyberArk Enterprise Password Vault is a privileged...
RICOH SP 4510DN Printer - HTML Injection
Exploit Title: RICOH SP 4510DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.html Software: RICOH Printer Product Version...
RICOH SP 4520DN Printer - HTML Injection
Exploit Title: RICOH SP 4520DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.html Software: RICOH Printer Product Version...
dotCMS 5.1.1 - HTML Injection
Exploit Title: dotCMS 5.1.1 - HTML Injection Date: 2019-05-09 Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulernability Type: Code Injection Vulenrability: HTML Injection and Cross-site...
PHPRunner 10.1 - Denial of Service (PoC)
Exploit Title: PHPRunner 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/phprunner/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the...
ASPRunner.NET 10.1 - Denial of Service (PoC)
Exploit Title: ASPRunner.NET 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/asprunnernet/download.htm Tested Version: 10.1 Tested on: Windows 7 Service Pack 1 x64 Steps to produce...
Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Convert Video jetAudio 8.1.7 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107BASIC.exe Version: 8.1.7...
Lyric Video Creator 2.1 - '.mp3' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://lyricvideocreator.com/ Software Link: https://lyricvideocreator.com/dwl/LyricVideoCreator.exe Version: 2.1 Tested on: Windows 10 Proof of...
Zoho ManageEngine ADSelfService Plus 5.7 < 5702 build - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-update layout implementation. /SelfService.do?meth...
Lyric Maker 2.0.1.0 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: Lyric Maker 2.0.1.0 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link http://www.jetaudio.com/download/5fc01426-741d-41b8-a120-d890330ec672/jetAudio/JAD8107BASIC.exe Version: 2.0.1.0 Tested...
MiniFtp - 'parseconf_load_setting' Buffer Overflow
Exploit Title: MiniFtp parseconfloadsetting local-bufferoverflow 318 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on: Debian 9 Stretch i386/ Kali Linux i386 CVE : Non...
NetNumber Titan ENUM/DNS/NP 7.9.1 - Path Traversal / Authorization Bypass
Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N/A Version: Titan Master 7.9.1 Tested on: Linux CVE : N/A Type: WEBAPP...
PostgreSQL 9.3 - COPY FROM PROGRAM Command Execution (Metasploit)
\ This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/postgres' class MetasploitModule 'PostgreSQL COPY FROM PROGRAM Command Execution', 'Description' = %q Installations running Postgres 9.3 and...
Google Chrome 72.0.3626.119 - 'FileReader' Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Chrome 72.0.3626.119 FileReader UaF exploit for Windows 7 x86', 'Description' = %q This exploit takes advantage of a use after free vulnerability...
Lotus Domino 8.5.3 - 'EXAMINE' Stack Buffer Overflow DEP/ASLR Bypass (NSA's EMPHASISMINE)
Here is a working version of the NSA's EMPHASISMINE for IMAP Server Lotus Domino 8.5.3 FP0 DEP/ASLR bypass Replace breakpoints with msfvenom payload ALPHANUMERIC I love you Alison Thompson OAM @ThirdWaveORG Author: Charles Truscott @r0ss1n1 import base64 import struct import socket import time...
jetAudio 8.1.7.20702 Basic - 'Enter URL' Denial of Service (PoC)
Exploit Title: jetAudio 8.1.7.20702 Basic - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-07 Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/ Tested Version: 8.1.7.20702 Tested on: Windows 7 Service Pack 1 x64 / Windows 10...
Oracle Weblogic Server - 'AsyncResponseService' Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - AsyncResponseService ', 'Description' = %q An unauthenticated attacker with network access to the...
Admin Express 1.2.5.485 - 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow
Title: Admin Express v1.2.5.485 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 6th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage: https://admin-express.en.softonic.com/ Software Link: https://admin-express.en.softonic.com/download Version...
Easy Chat Server 3.1 - 'message' Denial of Service (PoC)
!/usr/bin/python --------------------------------------------------------- Title: Easy Chat Server Version 3.1 - DOS Date: 2019-05-07 Author: Miguel Mendez Z Team: www.exploiting.cl Vendor: http://www.echatserver.com Software Link: http://www.echatserver.com/ecssetup.exe Platforms: Windows Versio...
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
Details ================ Software: Prinect Archive System Version: v2015 Release 2.6 Homepage: https://www.heidelberg.com Advisory report: https://github.com/alt3kx/CVE-2019-10685 CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10685 CVSS: 6.1...
ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
https://twitter.com/gscamelo Vendor Homepage: https://smartbear.com/product/ready-api Software Link: https://smartbear.com/product/ready-api/overview/ Github: https://github.com/gscamelo/CVE-2018-20580 Version: 2.5.0 and 2.6.0 Tested on: Windows CVE : CVE-2018-20580 I found a new vulnerability in...
PHPads 2.0 - 'click.php3?bannerID' SQL Injection
Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo : https://github.com/blondishnet/PHPads/blob/master/readme.txt + Contact:...
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian Kloskowski Set up a multi handler listener in MSFConsole then run...