River Past Video Cleaner 7.6.3 - Local Buffer Overflow (SEH)
Exploit Title: River Past Video Cleaner Buffer Overflow SEH Date: 9-2-2019 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Software Link: https://river-past-video-cleaner.softonic.com/ Version: 7.6.3 Tested on: Windows 10 Pro x64 SPANISH Category: Windows Local Exploit How to...
Indusoft Web Studio 8.1 SP2 - Remote Code Execution
Exploit Title: Indusoft Web Studio Unauthenticated RCE Date: 02/04/2019 Exploit Author: Jacob Baines Vendor Homepage: http://www.indusoft.com/ Software http://www.indusoft.com/Products-Downloads/Download-Library Version: 8.1 SP2 and below Tested on: Windows 7 running the Web Studio 8.1 SP2 demo a...
River Past Cam Do 3.7.6 - Local Buffer Overflow (SEH)
Exploit Title: River Past CamDo SEH Local Exploit Date: 07.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-cam-do/windows/post-download?sl=1 Exploit Author: Achilles Tested Version: 3.7.6 Tested on: Windows XP SP3 EN 1.- Run python code:...
Smoothwall Express 3.1-SP4 - Cross-Site Scripting
Exploit Title: Smoothwall Express 3.1-SP4-polar-x86_64-update9 | Cross-Site Scripting Date: 06.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://www.smoothwall.org Software Link: https://sourceforge.net/projects/smoothwall/files/SmoothWall/3.1%20SP4/Express-3.1-SP4-x86_64.iso/download...
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
#!/usr/bin/env python # ------------------------------------------------------------ # Exploit: IP-Tools 2.5 - Local Buffer Overflow (EggHunter) Date: 2019-02-06 Author: Juan Prescotto Tested Against: Win7 Pro SP1 64 bit Software...
CentOS Web Panel 0.9.8.763 - Persistent Cross-Site Scripting
Exploit Title: CentOS Web Panel 0.9.8.763 - Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 10 - January - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software Link: http://centos-webpanel.com Version: v0.9.8.763 Tested on: CentOS 7 CVE : CVE-2019-7646...
VA MAX 8.3.4 - (Authenticated) Remote Code Execution
root@nippur:/home/c/src/nippur# cat vamax3.py #!/usr/bin/env python # quick poc for postauth rce bug in va max 8.3.4 # more: https://code610.blogspot.com 10.02.2019 # p.s. listening on [any] 4444 ... 192.168.1.126: inverse host lookup failed: Unknown host connect to [192.168.1.160] from (UNKNOWN) [192.168.1.126]...
Adobe Flash Player - DeleteRangeTimelineOperation Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion', 'Description' => %q{ This module exploits a type confusion on Adobe Flash Player,...
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
Exploit Title: Coship Wireless Router – Wireless SSID Unauthenticated Password Reset Date: 07.02.2019 Exploit Author: Adithyan AK Vendor Homepage: http://en.coship.com/ Category: Hardware WiFi Router Affected Versions : Coship RT3052 - 4.0.0.48, Coship RT3050 - 4.0.0.40, Coship WM3300 - 5.0.0.54,...
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with an affine transform and used as a clipping region for drawing...
osCommerce 2.3.4.1 - 'reviews_id' SQL Injection
Exploit Title: osCommerce 2.3.4.1 - 'reviews_id' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A Software...
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
Exploit Title: RiverPastAudioConverter - Buffer Overflow SEH Date: 06.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=1 Exploit Author: Matteo Malvica Tested Version: 7.7.16 Tested on: Windows 10 -...
osCommerce 2.3.4.1 - 'currency' SQL Injection
Exploit Title: osCommerce 2.3.4.1 - 'currency' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A Software...
osCommerce 2.3.4.1 - 'products_id' SQL Injection
Exploit Title: osCommerce 2.3.4.1 - 'products_id' SQL Vulnerabilities Dork: N/A Date: 05-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.oscommerce.com Software Link: https://www.oscommerce.com/Products Version: 2.3.4.1 Category: Webapps Tested on: Wampp @Win CVE: N/A Software...
Zyxel VMG3312-B10B DSL-491HNU-B1B v2 Modem - Cross-Site Request Forgery
Exploit Title: Zyxel VMG3312-B10B DSL-491HNU-B1B v2 modem CSRF Exploit Version: Zyxel VMG3312-B10B Tested on: Parrot OS Author: Yusuf Furkan Twitter: h1yusuf CVE: CVE-2019-7391 model name: DSL-491HNU-B1B v2 history.pushState('', '', '/')...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
BEWARD N100 H.264 VGA IP Camera M2.1.6 Root Remote Code Execution Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks...
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is a Powerline adapter which is a cost-effective and helpful networking alternative f...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Cross-Site Request Forgery (Add Admin)
BEWARD N100 H.264 VGA IP Camera M2.1.6 CSRF Add Admin Exploit Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks,...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for...
devolo dLAN 550 duo+ Starter Kit - Remote Code Execution
devolo dLAN 550 duo+ Starter Kit Remote Code Execution Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is a Powerline adapter which is a cost-effective and helpful networking alternative for an...
River Past Audio Converter 7.7.16 - Denial of Service (PoC)
Exploit Title: RiverPastAudioConverterDoS Date: 05.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=1 Exploit Author: Achilles Tested Version: 7.7.16 Tested on: Windows XP SP3 Vulnerability Type: Denial...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a more efficient compression format is optimized for low-speed networks,...
Device Monitoring Studio 8.10.00.8925 - Denial of Service (PoC)
Exploit Title: Device Monitoring Studio 8.10.00.8925 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-04 Tested Version: 8.10.00.8925 Tested on: Windows 7 Service Pack 1 x64 Steps to produce the crash: 1.- Run python code: DeviceMonitoringStudio8.10.00.8925.py 2.- Op...
OpenMRS Platform < 2.24.0 - Insecure Object Deserialization
Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N JAVA 8 ENVIRONMENT By injecting an XML payload ...
pfSense 2.4.4-p1 - Cross-Site Scripting
Exploit Title: pfSense 2.4.4-p1 | Cross-Site Scripting Date: 28.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.pfsense.org Software Link: https://frafiles.pfsense.org/mirror/downloads/pfSense-CE-2.4.4-RELEASE-p1-amd64.iso.gz Version: 2.4.4-p1 Introduction pfSense® software is a...
Nessus 8.2.1 - Cross-Site Scripting
Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting Date: 29.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.tenable.com Software Link: https://www.tenable.com/downloads/nessus Version: 8.2.1 Introduction Nessus is #1 For Vulnerability Assessment From the beginning, we've...
ResourceSpace 8.6 - 'watched_searches.php' SQL Injection
Exploit Title: ResourceSpace <=8.6 'watched_searches.php' SQL Injection Dork: intext:"Powered by ResourceSpace" Date: 2019-02-01 Exploit Author: dd [email protected] Vendor Homepage: https://www.resourcespace.com/ Software Link: https://www.resourcespace.com/get Version: Stable release: 8.6 Mino...
SuiteCRM 7.10.7 - 'record' SQL Injection
Exploit Title: SuiteCRM 7.10.7 - 'record' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE: N/A Software Description:...
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.riverpast.com/ Software Link : http://www.riverpast.com/ Tested Version: v2.7.6.1601 Tested on: Windows XP SP3 Vulnerability Type:...
TaskInfo 8.2.0.280 - Denial of Service (PoC)
Exploit Title: TaskInfo v8.2.0.280 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.iarsn.com/ Software Link : http://www.iarsn.com/ Tested Version: v8.2.0.280 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buff...
SuiteCRM 7.10.7 - 'parentTab' SQL Injection
Exploit Title: SuiteCRM 7.10.7 - 'parentTab' SQL Vulnerabilities Dork: N/A Date: 03-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://suitecrm.com/ Software Link: https://suitecrm.com/download/ Version: 7.10.7 Category: Webapps Tested on: Wampp @Win CVE: N/A Software Description:...
MyVideoConverter Pro 3.14 - Denial of Service
Exploit Title: MyVideoConverter Pro 3.14 Denial of Service Date: 03.02.2019 Vendor Homepage: http://www.ivideogo.com/ Software Link : http://www.ivideogo.com/ Exploit Author: Achilles Tested Version: 3.14 Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Ste...
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
Exploit Title: SpotAuditor v3.6.7 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.nsauditor.com/order.html Software Link : http://www.nsauditor.com/order.html Tested Version: v3.6.7 Tested on: Windows XP SP3 Vulnerability Type: Denial of...
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link: https://www.42gears.com/products/suremdm-home/ Version: Versions prior to the...
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
Exploit Title: PassFab Excel Password Recovery SEH Local Exploit Date: 31.01.19 Vendor Homepage: https://www.passfab.com/products/excel-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-excel-password-recovery.exe Exploit Author: Achilles Tested Version: 8.3.1 Tested...
Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
Exploit Title: Remote Process Explorer v1.0.0.16 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://lizardsystems.com/action.php?action=home&product=rpexplorer&version=1.0.0.16 Software Link :...
Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC)
Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-30 Vendor Homepage: https://www.ks-soft.net Software Link : https://www.ks-soft.net/download/hm1190.exe Tested Version: 11.90 Beta Vulnerability Type:...
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
vm_map_copyin_internal in vm_map.c converts a region of a vm_map into "copied in" form, constructing a vm_map_copy structure representing the copied memory which can then be mapped into another vm_map or the same one. The function contains a while loop which walks through each of the vm_map_entry...
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
Exploit Title: FlexHEX v2.46 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Software Link : http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Tested Version:...
UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)
#!/usr/bin/python Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow SEH Date: 30/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.ultraiso.com/ Version: 9.7.1.3519 Software Link: https://www.ultraiso.com/download.html Contact: [email protected]...
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
Inspired by Ned Williamson's fuzzer I took a look at the netkey code. key_getsastat handles SADB_GETSASTAT messages: It allocates a buffer based on the number of SAs there currently are: bufsize = (ipsec_sav_count + 1) * sizeof(*sa_stats_sav); KMALLOC_WAIT(sa_stats_sav, __typeof__(sa_stats_sav), bufsize); It the...
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
_xpc_serializer_unpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the message body is large, then it's sent as a MACH_MSG_OOL_DESCRIPTOR. Also if the message contains other port resources eg memory entry ports th...
LanHelper 1.74 - Denial of Service (PoC)
Exploit Title: LanHelper v1.74 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-31 Vendor Homepage: http://www.hainsoft.com/ Software Link : http://www.hainsoft.com/ Tested Version: 1.74 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buffer...
ASPRunner Professional 6.0.766 - Denial of Service (PoC)
Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.xlinesoft.com/asprunnerpro Software Link : http://www.xlinesoft.com/asprunnerpro Tested Version: v6.0.766 Tested on: Windows XP SP3...
R 3.5.0 - Local Buffer Overflow (SEH)
#!/usr/bin/python Exploit Title: R i386 3.5.0 - Local Buffer Overflow SEH Date: 30/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe Contact:...
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might ...
Anyburn 4.3 - 'Convert image to file format' Denial of Service
#!/usr/bin/python Exploit Title: AnyBurn x86 - Denial of Service DoS Date: 30-01-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.anyburn.com/ Version: 4.3 32-bit Software Link: http://www.anyburn.com/anyburnsetup.exe Contact: [email protected] Twitter:...
AMAC Address Change 5.4 - Denial of Service (PoC)
Exploit Title: a-Mac Address Change v5.4 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://amac.paqtool.com/ Software Link : http://amac.paqtool.com/ Tested Version: 5.4 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local...
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
macOS 10.13.4 introduced the file bsd/net/if_ports_used.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKey(char *buffer, size_t...
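Added illustration, not code from XNU or from the PF_KEY report listed above ("Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics"): a userland model of that bug shape, where the statistics buffer is sized from the number of installed SAs but the loop that fills it is bounded by the request rather than by the allocation. The SA table, the record layout, the request format and the assumption that the loop emits one record per requested SPI are constructed for this example; the hardened variant bounds the loop by the capacity the allocation was computed from, and a guard region after the buffer makes the difference observable without crashing.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for a per-SA statistics record; the layout is an
 * assumption for this example, not XNU's real structure. */
struct sastat {
    uint32_t spi;
    uint64_t bytes;
};

/* Constructed "installed SA" table standing in for the kernel's SA list. */
static const struct sastat sadb[] = {
    { 0x1001, 10 }, { 0x1002, 20 }, { 0x1003, 30 },
};
static const size_t ipsec_sav_count = sizeof sadb / sizeof sadb[0];

#define GUARD_BYTE 0xAB

static const struct sastat *lookup_sa(uint32_t spi)
{
    for (size_t i = 0; i < ipsec_sav_count; i++)
        if (sadb[i].spi == spi)
            return &sadb[i];
    return NULL;
}

/* Vulnerable shape: `out` was sized from ipsec_sav_count, but the loop is
 * bounded only by the caller-supplied SPI count, so a request that lists
 * more SPIs than there are SAs (e.g. one SPI repeated) writes past `out`. */
static size_t getsastat_vuln(const uint32_t *spis, size_t nspi,
                             struct sastat *out)
{
    size_t n = 0;
    for (size_t i = 0; i < nspi; i++) {
        const struct sastat *s = lookup_sa(spis[i]);
        if (s != NULL)
            out[n++] = *s;          /* never checked against the allocation */
    }
    return n;
}

/* Fixed shape: the same loop, additionally bounded by the capacity that the
 * allocation size was derived from. */
static size_t getsastat_fixed(const uint32_t *spis, size_t nspi,
                              struct sastat *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = 0; i < nspi && n < cap; i++) {
        const struct sastat *s = lookup_sa(spis[i]);
        if (s != NULL)
            out[n++] = *s;
    }
    return n;
}

/* Harness: place the (ipsec_sav_count + 1)-entry buffer at the start of a
 * larger arena whose remainder is filled with a guard byte, run one handler,
 * and return 1 if anything past the buffer was overwritten, 0 if not,
 * -1 on allocation failure. */
int guard_clobbered(int use_fixed, const uint32_t *spis, size_t nspi)
{
    size_t cap = ipsec_sav_count + 1;
    size_t bufsize = cap * sizeof(struct sastat);
    size_t arena = bufsize + 64 * sizeof(struct sastat);
    unsigned char *mem = malloc(arena);
    if (mem == NULL)
        return -1;
    memset(mem, GUARD_BYTE, arena);

    struct sastat *out = (struct sastat *)mem;
    if (use_fixed)
        getsastat_fixed(spis, nspi, out, cap);
    else
        getsastat_vuln(spis, nspi, out);

    int clobbered = 0;
    for (size_t i = bufsize; i < arena; i++) {
        if (mem[i] != GUARD_BYTE) {
            clobbered = 1;
            break;
        }
    }
    free(mem);
    return clobbered;
}

/* Build a request naming one valid SPI `nspi` times (nspi <= 64), run it
 * through the chosen handler and report whether the guard was overwritten. */
int run_request(int use_fixed, size_t nspi)
{
    uint32_t spis[64];
    if (nspi > 64)
        return -1;
    for (size_t i = 0; i < nspi; i++)
        spis[i] = 0x1001;
    return guard_clobbered(use_fixed, spis, nspi);
}

int main(void)
{
    printf("vulnerable, 40 SPIs: guard clobbered = %d\n", run_request(0, 40));
    printf("fixed,      40 SPIs: guard clobbered = %d\n", run_request(1, 40));
    return 0;
}
```

The point to carry away is that a size computed from one quantity (the SA count) is only a bound for a loop driven by that same quantity; the moment the loop iterates over something the caller controls, the capacity has to be re-checked inside the loop, as `getsastat_fixed` does.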