WebKit JSC - reifyStaticProperty Needs to set the PropertyAttribute::CustomAccessor flag for CustomGetterSetter

/ https://github.com/WebKit/webkit/blob/3fff8c40c665a09de5e3ede46fc35908f69353c3/Source/JavaScriptCore/runtime/Lookup.hL392 if value.attributes & PropertyAttribute::PropertyCallback JSValue result = value.lazyPropertyCallbackvm, &thisObj; thisObj.putDirectvm, propertyName, result,...

Micro Focus Filr 3.4.0.217 - Path Traversal / Local Privilege Escalation

SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Micro Focus Filr Multiple Vulnerabilities 1. Advisory Information Title: Micro Focus Filr Multiple Vulnerabilities Advisory ID: SAUTH-2019-0001 Advisory URL:...

Quest NetVault Backup Server < 11.4.5 - Process Manager Service SQL Injection / Remote Code Execution

Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding the bug Version: Quest NetVault Backup Server 11.4.5 CVE : CVE-2017-17417 There is a decent...

Nuuo Central Management - (Authenticated) SQL Server SQL Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nuuo Central Management Authenticated SQL Server SQLi', 'Description' = %q The Nuuo Central Management Server allows an authenticated user to que...

RealTerm Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow (SEH)

Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Buffer Overflow - SEH Date: 21.02.2019 Exploit Author: Matteo Malvica Vendor Homepage: https://realterm.sourceforge.io/ Software Link: https://sourceforge.net/projects/realterm/files/ Version: 2.0.0.70 Category: Local Contact:...

Virtual VCR Max .0a - '.vcr' Buffer Overflow (PoC)

!/usr/bin/python Exploit Title: VirtualVCR-Max .0a Overflow PoC Google Dork: N/A Date: 21/02/2019 Exploit Author: Wade Guest Vendor Homepage: http://virtualvcr.sourceforge.net/ Software Link: https://sourceforge.net/projects/virtualvcr/ Version: Max Version .0a Tested on: Win XP SP3 CVE : N/A...

Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow (PoC)

-- coding: utf-8 -- Exploit Title: Valentina Studio 9.0.5 Linux - 'Host' Buffer Overflow PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://valentina-db.com/en/ Software Link: https://www.valentina-db.com/en/all-downloads/vstudio/current/vstudiox64lin-deb?format=raw Version:...

Memu Play 6.0.7 - Privilege Escalation

Exploit Title: Memu Play 6.0.7 - Privilege Escalation PoC Date: 20/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.memuplay.com/ Software Link: https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Version: 6.0.7 Tested on: Windows 10 / Windows 7...

C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection

Exploit Title: C4G Basic Laboratory Information System BLIS 3.4 - Multiples SQL Injection Date: 01/31/2019 Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php Version: C4G Basic Laboratory Information System v3.4 Exploit Author: Carlos Avila Category: webapps...

AirDrop 2.0 - Denial of Service (DoS)

include include include include include include include include include include include // // Author: Marcelo Vázquez aka s4vitar // AirDrop 2.0 Remote Denial of Service DoS // // Exploit Title: AirDrop 2.0 Remote Denial of Service DoS // Date: 2019-02-21 // Exploit Author: Marcelo Vázquez aka...

ScreenStream 3.0.15 - Denial of Service

!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ScreenStream 3.0.15 Remote Denial of Service DoS Exploit Title: ScreenStream 3.0.15 Remote Denial of Service DoS Date: 2019-02-21 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: http://mobzapp.com/mirroring/index.html...

EI-Tube 3 - SQL Injection

Exploit Title: PHP EI-Tube Script - Sql Injection Date: 2019-02-21 Exploit Author: Meisam Monsef - [email protected] Vendor Homepage: https://codecanyon.net/item/eitube-youtube-api-v3-site-builder/22722912?srank=17 Version: 3 Tested on: ubuntu special thanks : Alireza Noorkazemi - A-H - Akhzari...

MikroTik RouterOS < 6.43.12 (stable) / < 6.42.12 (long-term) - Firewall and NAT Bypass

CVE-2019-3924 A remote, unauthenticated attacker can proxy traffic through RouterOS via probes sent to the agent binary. This PoC demonstrates how to exploit a LAN host from the WAN. A video demonstrating the attack can be found here: https://www.youtube.com/watch?v=CxyOtsNVgFg A Tenable Research...

FTPShell Server 6.83 - 'Account name to ban' Denial of Service (PoC)

Exploit Title: FTPShell Server 6.83 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-20 Vendor Homepage: http://www.ftpshell.com/index.htm Software Link: http://www.ftpshell.com/downloadserver.htm Tested Version: 6.83 Tested on: Windows 7 x64 Service Pack 1 Steps to...

HotelDruid 2.3 - Cross-Site Scripting

=========================================================================================== Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection CVE: CVE-2019-8937 Date: 18-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/hoteldruid/ Software Link:...

MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates

I happened to notice that a public X.509 certificate testcase for CVE-2014-1569 caused a stack buffer overflow in MatrixSSL. I cleaned up the testcase a bit, to make a better demonstration. You can test it with the certValidate tool that comes with MatrixSSL. $ gdb -q --args...

Android Kernel < 4.8 - ptrace seccomp Filter Bypass

/ The seccomp.2 manpage http://man7.org/linux/man-pages/man2/seccomp.2.html documents: Before kernel 4.8, the seccomp check will not be run again after the tracer is notified. This means that, on older ker‐ nels, seccomp-based sandboxes must not allow use of ptrace2—even of other sandboxed...

FaceTime - Texture Processing Memory Corruption

There is a memory corruption issue that occurs when processing a malformed RTP video stream in FaceTime. It appears to be related to processing textures. thread 7, stop reason = EXCBADACCESS code=EXCI386GPFLT frame 0: 0x00007fff56baaa92 CoreVideoCVMetalTextureBacking::releaseBackingUsage + 20 fra...

Belkin Wemo UPnP - Remote Code Execution (Metasploit)

V This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Belkin Wemo UPnP Remote Code Execution', 'Description' = %q This module exploits a command injection in the Belkin Wemo UPnP API via the...

WinRAR 5.61 - '.lng' Denial of Service

Exploit Title: WinRAR 5.61 - Denial of Service Author: Kağan Çapar Discovery Date: 2019-02-20 Software Link: https://win-rar.com/predownload.html?spV=true&subD=true&f=wrar561tr.exe Vendor Homepage : https://www.win-rar.com Tested Version: 5.61 32 Bit Tested on OS: Windows 10 Education 64 Bit Step...

eDirectory - SQL Injection

Exploit Title: Admin auth bypass, SQLi and File Disclosure Google Dork: no defacers please ! Date: March 2019 reported to vendor without response :D Exploit Author: Efren Diaz Author contact: https://twitter.com/elefr3n Vendor Homepage: https://www.edirectory.com/ Software Link: not available...

BulletProof FTP Server 2019.0.0.50 - 'SMTP Server' Denial of Service (PoC)

Exploit Title: BulletProof FTP Server 2019.0.0.50 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: http://bpftpserver.com/ Software Link: http://bpftpserver.com/products/bpftpserver/windows/download Tested Version: 2019.0.0.50 Tested on: Windows 7...

Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection

Exploit Title: Find a Place CMS Directory 1.5 - 'assets/external/data2.php cate' SQL Injection Google Dork: inurl:"assets/external/data.php" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/...

NetSetMan 4.7.1 - 'Workgroup' Denial of Service (PoC)

Exploit Title: NetSetMan 4.7.1 'Workgroup' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-17 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1 Tested on: Windows 10 Single Language x64 / Windows...

Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection

Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 19, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...

Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)

In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by Grape. However, the next problem is how to execute code? By diving into Grape implementation on...

Valentina Studio 9.0.4 - 'Host' Denial of Service (PoC)

Exploit Title: Valentina Studio 9.0.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: https://valentina-db.com/en/ Software Link: https://valentina-db.com/en/developer/database/download-valentina-database-adk Tested Version: 9.0.4 Tested on:...

MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation

Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Google Dork: Date: 2/18/2019 Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version: 1.6.2.0 May affect other versions Tested on: Win 10 64 bit CVE :...

XAMPP 5.6.8 - SQL Injection / Persistent Cross-Site Scripting

!-- Exploit Title: Cross Site Scripting in XAMPP 5.6.8 and previous Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/ Software Link: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/ Version: XAMP...

Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting

Exploit Title: Zuz Music 2.1 - 'zuzconsole/contact ' Persistent Cross-site Scripting Google Dork: N/A Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://zuz.host/ Software Link:...

Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2 - Path Traversal / Cross-Site Scripting

!-- Exploit Title: Cross Site Scripting in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 Administration zone Date: 31-01-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.manageengine.com/products/netflow/?doc Software Link: https://www.ma...

Listing Hub CMS 1.0 - 'pages.php id' SQL Injection

Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage: https://themerig.com/ Software Link:...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of OpenType fonts. It manifests itself in the form of the following crash with AFL's libdislocator: --- cut --- gdb$ c Continuing...

ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting

Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1 Introduction ArangoDB is a native multi-model, open-source databa...

WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass / Unauthorized Order Status Spoofing

?php Exploit Title: WordPress WooCommerce - GloBee cryptocurrency Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018 Public Disclosure Date: 14.02.2019 Exploit Author: GeekHack Contact: https://t.me/GeekHack Vendor Homepage: https://globee.com/...

Zoho ManageEngine ServiceDesk Plus (SDP) < 10.0 build 10012 - Arbitrary File Upload

Exploit Title: Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 - arbitrary file upload Date: 18-02-2019 Exploit Author: Dao Duy Hung [email protected] Vendor Homepage: https://www.manageengine.com/products/service-desk/ Software Link:...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- Iteration 0,0 Iteration 0,1 A fatal...

Master IP CAM 01 3.3.4.2103 - Remote Command Execution

Exploit Title: Master IP CAM 01 Remote Command Execution Date: 09-02-2019 Remote: Yes Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CVE: CVE-2019-8387 import sys import requests if lensys.argv " print "- Example: python...

Apache CouchDB 2.3.0 - Cross-Site Scripting

Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named databases, which store documents. Each...

Comodo Dome Firewall 2.7.0 - Cross-Site Scripting

Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting Date: 18.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://cdome.comodo.com/firewall/ Software Link: https://secure.comodo.com/home/purchase.php?pid=106&license=try&track=9278&af=9278 Version: 2.7.0 Introduction Comodo Dom...

CMSsite 1.0 - 'post' SQL Injection

Exploit Title: CMSsite 1.0 - 'post' SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 17, 2019 Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link : https://github.com/VictorAlagwu/CMSsite/archive/master.zip Tested Versio...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont...

Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions

A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself in the form of the following or similar crash: --- cut --- $ bin/java -cp . DisplaySfntFont...

M/Monit 3.7.2 - Privilege Escalation

!/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL = 'http://ip.add.re.ss:8080' MMONITUSER = 'monit' Default built in unprivileged us...

MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module

--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...

NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)

-- coding: utf-8 -- Exploit Title: NBMonitor 1.6.5 - 'Key' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Version: 1.6.5.0 Tested on: Windows 10 Proof of Concept: 1.-...

Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload

=========================================================================================== Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

qdPM 9.1 - 'search[keywords]' Cross-Site Scripting

=========================================================================================== Exploit Title: qdPM 9.1 - 'searchkeywords' XSS Injection CVE: CVE-2019-8390 Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...

mIRC < 7.55 - 'Custom URI Protocol Handlers' Remote Command Execution

Exploit Title: RCE on mIRC 7.55 using argument injection through custom URI protocol handlers Date: 18/02/2019 Exploit Author: https://twitter.com/proofofcalc/ Vendor Homepage: https://www.mirc.com Software Link: https://www.mirc.com/get.php Version: 7.55 Tested on: Windows CVE : CVE-2019-6453 RC...

qdPM 9.1 - 'type' Cross-Site Scripting

=========================================================================================== Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...