47884 matches found
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
--coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link: https://www.misp-project.org/download/ Version: 2.4.90 - 2.4.99 Tested on: 2.4.97 CVE: CVE-2018-19908...
qdPM 9.1 - 'type' Cross-Site Scripting
Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
Linux - 'kvm_ioctl_create_device()' NULL Pointer Dereference
kvm_ioctl_create_device() contains the following code: dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node, &kvm->devices); mutex_unlock(&kvm->lock); if (ops->init...
qdPM 9.1 - 'search_by_extrafields[]' SQL Injection
Exploit Title: qdPM 9.1 - 'search_by_extrafields[]' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
VSCO 1.1.1.0 - Denial of Service (PoC)
Exploit Title: VSCO 1.1.1.0 - Denial of Service PoC Date: 2/14/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NC1RLNH76PB Version: 1.1.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new file...
AirMore 1.6.1 - Denial of Service (PoC)
#!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Exploit Title: AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Date: 2019-02-14 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://airmore.com...
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / CSRF Date: 7/17/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=957 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2018-14575 1. Description: Creates a...
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage: https://github.com/UniSharp/laravel-filemanager Software Link:...
Jinja2 2.10 - 'from_string' Server Side Template Injection
''' Exploit Title: Jinja2 Command injection from_string function Date: date Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: http://jinja.pocoo.org Software Link: https://pypi.org/project/Jinja2/files Version: 2.10 Tested on: Kali Linux CVE-2019-8341 // from_string function is prone ...
Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)
Exploit Title: Navicat for Oracle 12.1.15 - "Password" Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-14 Vendor Homepage: https://www.navicat.com/es/ Software Link: https://www.navicat.com/es/download/navicat-for-oracle Tested Version: 12.1.15 Tested on: Windows 10...
Free IP Switcher 3.1 - 'Computer Name' Denial of Service (PoC)
Exploit Title: Free IP Switcher 3.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-14 Vendor Homepage: http://www.eusing.com/index.html Software Link: http://www.eusing.com/ipscan/freeipscanner.htm Tested Version: 3.1 Tested on: Windows 10 Single Language x64 /...
MediaMonkey 4.1.23 - '.mp3' URL Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: MediaMonkey 4.1.23 - URL Denial of Service PoC Date: 13/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.mediamonkey.com/ Software Link: https://www.mediamonkey.com/sw/MediaMonkey4.1.23.1881.exe Version: 4.1.23.1881 Tested on: Windows 10 Proof of...
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery Date: 10/4/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-17996 1. Description: LayerBB is a free open-source forum software, the CSRF...
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link: https://wordpress.org/plugins/booking/ Version: Tested on version 8.4.3 older versions may also be...
DomainMOD 4.11.01 - 'assets/add/dns.php' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Kareem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19914 A Stored Cross-site...
DomainMOD 4.11.01 - 'category.php CatagoryName, StakeHolder' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-20011 A Stored Cross-site...
Core FTP/SFTP Server 1.2 Build 589.42 - 'User domain' Denial of Service (PoC)
Exploit Title: Core FTP/SFTP Server 1.2 - Build 589.42 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-13 Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/server/download/archive/CoreFTPServer589.42.exe Tested Version: v2-Build 673 Test...
DomainMOD 4.11.01 - 'ssl-provider-name' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-20009 A Stored Cross-site...
exacqVision ESM 5.12.2 - Privilege Escalation
Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage: https://www.exacq.com Version: 5.12.2.150128 Tested Window...
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
#!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ApowerManager Remote Denial of Service DoS / Application Crash Exploit Title: ApowerManager - Phone Manager Remote Denial of Service DoS / Application Crash Date: 2019-02-14 Exploit Author: Marcelo Vázquez aka s4vitar Vendor...
DomainMOD 4.11.01 - 'ssl-accounts.php username' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-20010 A Stored Cross-site...
DomainMOD 4.11.01 - 'assets/edit/host.php?whid=5' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Kareem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19915 A Stored Cross-site...
NetworkSleuth 3.0 - 'Name' Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: NetworkSleuth 3.0 - Denial of Service PoC Date: 12/02/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/networksleuthsetup.exe Version: 3.0.0.0 Tested on: Windows 10 Proof of Concept: 1.-...
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting
Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability DOM BASED Author Discovered By : Mehmet EMIROGLU Date : 29/01/2019 Vendor Homepage : https://www.rukovoditel.net/ Software Link : https://sourceforge.net/projects/rukovoditel/ Affected Versions : 2.4.1 Tested On : Wampp,...
PilusCart 1.4.1 - 'send' SQL Injection
Exploit Title: PilusCart 1.4.1 - 'send' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/pilus/ Software Link: https://sourceforge.net/projects/pilus/ Version: 1.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A...
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (2)
CVE-2019-5736 This is exploit code for CVE-2019-5736 and it works for both runc and LXC. The simplest way to use it is to copy the exploit code into an existing container, and run make.sh. However, you could just as easily create a bad image and run that. console % docker run --rm --name pwnme -d...
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Admin Token Disclosure)
Exploit Title: Jiofi 4 JMR 1140 CSRF To Leak Admin Tokens to change wifi Password or Factory Reset Router Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574...
Apple macOS 10.13.5 - Local Privilege Escalation
import import import import import import import "offsets.h" //utils define ENFORCEa, label \ do \ if builtinexpect!a, 0 \ \ timedlog"! %s is false l.%d\n", a, LINE; \ goto label; \ \ while 0 // from https://stackoverflow.com/questions/4415524/common-array-length-macro-for-c define COUNTOFx...
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (2)
#!/usr/bin/env python3 """ dirty_sock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Cross-Site Request Forgery (Password Disclosure)
Exploit Title: Jiofi 4 JMR 1140 CSRF To View Wi-fi Password Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574 Category: Hardware Wifi Router Version: JMR-11...
snapd < 2.37 (Ubuntu) - 'dirty_sock' Local Privilege Escalation (1)
#!/usr/bin/env python3 """ dirty_sock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available...
Jiofi 4 (JMR 1140 Amtel_JMR1140_R12.07) - Reflected Cross-Site Scripting
Exploit Title: Jiofi 4 JMR 1140 Reflected Cross Site Scripting Date: 12.02.2019 Exploit Author: Ronnie T Baby Contact:https://www.linkedin.com/in/ronnietbaby Vendor Homepage: www.jio.com Hardware Link: https://www.jio.com/shop/en-in/jmr-1140/p/491193574 Category: Hardware Wifi Router Version:...
Skyworth GPON HomeGateways and Optical Network Terminals - Stack Overflow
''' Unauthenticated Stack Overflow in Multiple Gpon Devices. Overview: Title:- StackOverflow in Multiple Skyworth GPON HomeGateways and Optical...
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins users who has JOB creation and BUILD privileges. The...
OPNsense < 19.1.1 - Cross-Site Scripting
Exploit Title: OPNsense 19.1 | Cross-Site Scripting Date: 01.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://opnsense.org Software Link: http://mirror.ams1.nl.leaseweb.net/opnsense/releases/19.1/OPNsense-19.1-OpenSSL-dvd-amd64.iso.bz2 Version: 19.1 Introduction OPNsense is an open...
runc < 1.0-rc6 (Docker < 18.09.2) - Container Breakout (1)
Usage Edit HOST inside payload.c, compile with make. Start nc and run pwn.sh inside the container. Notes - This exploit is destructive: it'll overwrite /usr/bin/docker-runc binary on the host with the payload. It'll also overwrite /bin/sh inside the container. - Tested only on Debian 9. - No...
Android - binder Use-After-Free of VMA via race Between reclaim and munmap
The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. There is a race condition between the direct reclaim path enters binder through the...
Ubuntu snapd < 2.37.1 - Local Privilege Escalation
dirty_sock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository contains the original exploit POC, which is being made available for research and educatio...
LayerBB 1.1.2 - Cross-Site Scripting
Exploit Title: LayerBB 1.1.2 - Cross-Site Scripting Date: 11/19/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=28 Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2019-7688 1. Description: LayerBB is a free open-source...
Android - binder Use-After-Free via fdget() Optimization
This bug report describes two different issues in different branches of the binder kernel code. The first issue is in the upstream Linux kernel, commit 7f3dc0088b98 "binder: fix proc-files use-after-free"; the second issue is in the wahoo kernel and maybe elsewhere? but at least the android commo...
BlogEngine.NET 3.3.6 - Directory Traversal / Remote Code Execution
Exploit Title: BlogEngine.NET = 3.3.6 Directory Traversal RCE Date: 02-11-2019 Exploit Author: Dustin Cobb Vendor Homepage: https://github.com/rxtur/BlogEngine.NET/ Software Link: https://github.com/rxtur/BlogEngine.NET/releases/download/v3.3.6.0/3360.zip Version: = 3.3.6 Tested on: Windows 2016...
Webiness Inventory 2.3 - 'email' SQL Injection
Exploit Title: Webiness Inventory 2.3 - 'email' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/webinessinventory/files/...
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
Exploit Title: Avast Anti-Virus Local Credentials Disclosure 19.1.2360 Date: 01/18/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Version: before 19.1.2360 build 19.1.4142.0 Tested on: Windows 10 x64 CVE: CVE-2018-12572 Based on LiquidWorm's and Yakir Wizman's proof of concepts...
MyBB Bans List 1.0 - Cross-Site Scripting
Exploit Title: MyBB Bans List - Cross Site Scripting Date: 7/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=423 Version: 1.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14724 1. Description: Adds bans.php page, showing a li...
IPFire 2.21 - Cross-Site Scripting
Exploit Title: IPFire 2.21 - Core Update 127 | Cross-Site Scripting Date: 08.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.ipfire.org Software Link: https://downloads.ipfire.org/releases/ipfire-2.x/2.21-core127/ipfire-2.21.x86_64-full-core127.iso Version: IPFire 2.21 - Core Updat...
FutureDj Pro 1.7.2.0 - Denial of Service
Exploit Title: FutureDj Pro Local Dos Exploit Date: 07.02.2019 Vendor Homepage: https://www.xylio.com Software Link: https://www.xylio.com/future-dj-pro-a-new-level-of-mixing-perfection/ Exploit Author: Achilles Tested Version: 1.7.2.0 32bit Tested on: Windows 7 SP1 Ultimate 1.- Run python code :...
NUUO NVRmini - upgrade_handle.php Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'NUUO NVRmini upgrade_handle.php Remote Command Execution', 'Description' = %q This exploits a vulnerability in the web application of NUUO NVRmini...
NordVPN 6.19.6 - Denial of Service (PoC)
-- coding: utf-8 -- Exploit Title: NordVPN 6.19.6 - Denial of Service PoC Date: 07/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://nordvpn.com/ Software Link: https://downloads.nordcdn.com/apps/windows/10/NordVPN/latest/NordVPNSetup.exe Version: 6.19.6 Tested on: Windows 10 Proof of...
Evince - CBT File Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/zip' class MetasploitModule 'Evince CBT File Command Injection', 'Description' = %q This module exploits a command injection vulnerability in Evince before...
AirDroid 4.2.1.6 - Denial of Service
#!/bin/bash Author: Marcelo Vázquez aka s4vitar AirDroid Denial of Service DoS & System Crash + Forced Reboot Exploit Title: AirDroid Remote Denial of Service DoS & System Crash + Forced Reboot Date: 2019-02-13 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendo...