47904 matches found
Simple Online Hotel Reservation System - SQL Injection
Exploit Title: Simple Online Hotel Reservation System - SQL Injection / Authentication Bypass Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/ Software Link :...
Joomla! Component J2Store < 3.3.7 - SQL Injection
Exploit Title: J2Store Plugin for Joomla! 3.3.6 - SQL Injection Date: 19/02/2019 Author: Andrei Conache Twitter: @andreiconache Contact: andrei.conacheatprotonmail.com Software Link: https://www.j2store.org Version: 3.x-3.3.6 Tested on: Linux CVE: CVE-2019-9184 1. Description: J2Store is the most...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/ Software Link :...
Alcatel-Lucent (Nokia) GPON I-240W-Q - Buffer Overflow
!/usr/bin/python3 import argparse import requests import urllib.parse import binascii import re def runtarget: """ Execute exploitation """ We're using CVE-2018-10561 and/or it's extension in order to exploit this Authenticated RCE in usbForm method of GPON ONT. We can also exploit this issue aft...
TransMac 12.3 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: TransMac 12.3 - 'Volume name' Denial of Service PoC Date: 27/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.acutesystems.com/ Software Link: https://www.acutesystems.com/tmac/tmsetup.exe Version: 12.3 Tested on: Windows 10 Proof of Concept: 1.- R...
Usermin 1.750 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Usermin 1.750 - Remote Command Execution', 'Description' = %q This module exploits an arbitrary command execution...
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
Exploit Title: Simple Online Hotel Reservation System - Cross-Site Request Forgery Add Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 25, 2019 Vendor Homepage: https://code-projects.org/ Software Link :...
Feng Office 3.7.0.5 - Remote Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Feng Office 3.7.0.5 - Unauthenticated Remote Command Execution', 'Description' = %q This module exploits arbitrar...
WebKitGTK 2.23.90 / WebKitGTK+ 2.22.6 - Denial of Service
Exploit Title: Buffer overflow Date: 27-02-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://webkit.org/ Software Link: https://gitlab.gnome.org/GNOME/epiphany Version: 2.23.90 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-8375 References: https://nvd.nist.gov/vuln/detail/CVE-2019-83...
PHP 7.2 - 'imagecolormatch()' Out of Band Heap Write
&c= Example: GET/POST /exploit.php?f=0x7fe83d1bb480&c=id++/dev/shm/titi Target: PHP 7.2.x Tested on: PHP 7.2.12 / buf = unsigned long safeemallocsizeofunsigned long, 5 im2-colorsTotal, 0; for x=0; xsx; x++ for y=0; ysy; y++ color = im2-pixelsyx; rgb = im1-tpixelsyx; bp = buf + color 5; bp++++; bp...
Jenkins Plugin Script Security 1.49/Declarative 1.3.4/Groovy 2.60 - Remote Code Execution
!/usr/bin/env python Exploit Title : jenkins-preauth-rce-exploit.py Date : 02/23/2019 Authors : wetw0rk & 0xtavian Vendor Homepage : https://jenkins.oi Software Link : https://jenkins.io/download/ Tested on : jenkins=v2.73 Plugins: Script Security=v1.49, Pipeline: Declarative=v1.3.4, Pipeline:...
News Website Script 2.0.5 - SQL Injection
Exploit Title: News Website Script 2.0.5 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link : https://www.phpscriptsmall.com/product/news-website-script/ Tested Version...
zzzphp CMS 1.6.1 - Remote Code Execution
Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 24/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip Version: 1.6.1 Tested on: windows/Linux,iis/apache C...
Advance Gift Shop Pro Script 2.0.3 - SQL Injection
Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 21, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link : https://www.phpscriptsmall.com/product/gifts-shop/ Tested Version...
Xlight FTP Server 3.9.1 - Buffer Overflow (PoC)
Exploit Title: Xlight 3.9.1 FTP Server SEH Overwrite Google Dork: N/A Date: 2019-02-24 Exploit Author: Logan Whitmire Vendor Homepage: https://www.xlightftpd.com/index.htm Software Link: https://www.xlightftpd.com/download/xlight.zip Version: 3.9.1 Tested on: Windows XP CVE : N/A...
Drupal < 8.6.9 - REST Module Remote Code Execution
!/usr/bin/env python3 CVE-2019-6340 Drupal = 8.6.9 REST services RCE PoC 2019 @leonjza Technical details for this exploit is available at: https://www.drupal.org/sa-core-2019-003 https://www.ambionics.io/blog/drupal8-rce https://twitter.com/jcran/status/1099206271901798400 Sample usage: $ python...
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
Exploit Title: PHP Ecommerce Script 2.0.6 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 22, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Drupal < 8.6.10 / < 8.5.11 - REST Module Remote Code Execution
Analyzing the patch By diffing Drupal 8.6.9 and 8.6.10, we can see that in the REST module, FieldItemNormalizer now uses a new trait, SerializedColumnNormalizerTrait. This trait provides the checkForSerializedStrings method, which in short raises an exception if a string is provided for a value...
Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Authenticated SQL Server SQLi', 'Description' = %q The Nuuo Central Management Server allows an authenticated user to que...
Teracue ENC-400 - Command Injection / Missing Authentication
Introduction ============ Multiple vulnerabilities were identified within the Teracue ENC-400, including pre-authenticated remote code authentication. While the vendor has released updated firmware after these issues were identified, they are not all resolved with the latest version of the...
Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation
SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...
Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution
Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...
WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter
/ https://github.com/WebKit/webkit/blob/3fff8c40c665a09de5e3ede46fc35908f69353c3/Source/JavaScriptCore/runtime/Lookup.hL392 if value.attributes & PropertyAttribute::PropertyCallback JSValue result = value.lazyPropertyCallbackvm, &thisObj; thisObj.putDirectvm, propertyName, result,...
WinRAR 5.61 - Path Traversal
!/usr/bin/env python3 import os import re import zlib import binascii The archive filename you want rarfilename = "test.rar" The evil file you want to run evilfilename = "calc.exe" The decompression path you want, such shown below targetfilename = r"C:\C:C:../AppData\Roaming\Microsoft\Windows\Sta...
RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)
Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Category: Local Contact:...
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection
Exploit Title: C4G Basic Laboratory Information System BLIS 3.4 - Multiples SQL Injection Date: 01/31/2019 Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php Version: C4G Basic Laboratory Information System v3.4 Exploit Author: Carlos Avila Category: webapps...
AirDrop 2.0 - Denial of Service (DoS)
include include include include include include include include include include include // // Author: Marcelo Vázquez aka s4vitar // AirDrop 2.0 Remote Denial of Service DoS // // Exploit Title: AirDrop 2.0 Remote Denial of Service DoS // Date: 2019-02-21 // Exploit Author: Marcelo Vázquez aka...
Memu Play 6.0.7 - Privilege Escalation
Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...
ScreenStream 3.0.15 - Denial of Service
!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ScreenStream 3.0.15 Remote Denial of Service DoS Exploit Title: ScreenStream 3.0.15 Remote Denial of Service DoS Date: 2019-02-21 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: http://mobzapp.com/mirroring/index.html...
Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)
-- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudiox64lin-deb?format=raw Version:...
EI-Tube 3 - SQL Injection
Exploit Title: PHP EI-Tube Script - Sql Injection Date: 2019-02-21 Exploit Author: Meisam Monsef - [email protected] Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks : Alireza Noorkazemi - A-H - Akhzari...
MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass
CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can be found here: https://www.youtube.com/watch?v=CxyOtsNVgFg A Tenable Research...
Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)
!/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max Version .0a Tested on: Win XP SP3 CVE : N/A...
Belkin Wemo UPnP - Remote Code Execution (Metasploit)
V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...
WinRAR 5.61 - '.lng' Denial of Service
Exploit Title: WinRAR 5.61 - Denial of Service Author: Kağan Çapar Discovery Date: 2019-02-20 Software Link: https://win-rar.com/predownload.html?spV=true&subD=true&f=wrar561tr.exe Vendor Homepage : https://www.win-rar.com Tested Version: 5.61 32 Bit Tested on OS: Windows 10 Education 64 Bit Step...
Android Kernel < 4.8 - ptrace seccomp Filter Bypass
/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...
FaceTime - Texture Processing Memory Corruption
There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. thread 7, stop reason = EXCBADACCESS code=EXCI386GPFLT frame 0: 0x00007fff56baaa92 CoreVideoCVMetalTextureBacking::releaseBackingUsage + 20 fra...
HotelDruid 2.3 - Cross-Site Scripting
=========================================================================================== Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection CVE: CVE-2019-8937 Date: 18-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ Software Link:...
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL. $ gdb -q --args...
FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)
Exploit Title: FTPShell Server 6.83 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-20 Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/downloadserver.htm Tested Version: 6.83 Tested on: Windows 7 x64 Service Pack 1 Steps to...
Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting
Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://zuz.host/ Software Link:...
Listing Hub CMS 1.0 - 'pages.php id' SQL Injection
Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/ Software Link:...
Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)
In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by Grape. However, the next problem is how to execute code? By diving into Grape implementation on...
eDirectory - SQL Injection
Exploit Title: Admin auth bypass, SQLi and File Disclosure Google Dork: no defacers please ! Date: March 2019 reported to vendor without response :D Exploit Author: Efren Diaz Author contact: https://twitter.com/elefr3n Vendor Homepage: https://www.edirectory.com/ Software Link: not available...
Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection
Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 19, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC)
Exploit Title: Valentina Studio 9.0.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: https://valentina-db.com/en/ Software Link: https://valentina-db.com/en/developer/database/download-valentina-database-adk Tested Version: 9.0.4 Tested on:...
BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)
Exploit Title: BulletProof FTP Server 2019.0.0.50 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 7...
NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC)
Exploit Title: NetSetMan 4.7.1 'Workgroup' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-17 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows 10 Single Language x64 / Windows...
Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection
Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/...
Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting
!-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc Software Link: https://www.ma...