47904 matches found
River Past Ringtone Converter 2.7.6.1601 - Denial of Service (PoC)
Exploit Title: River Past Ringtone Converter v2.7.6.1601 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.riverpast.com/ Software Link : http://www.riverpast.com/ Tested Version: v2.7.6.1601 Tested on: Windows XP SP3 Vulnerability Type:...
MyVideoConverter Pro 3.14 - Denial of Service
Exploit Title: MyVideoConverter Pro 3.14 Denial of Service Date: 03.02.2019 Vendor Homepage: http://www.ivideogo.com/ Software Link : http://www.ivideogo.com/ Exploit Author: Achilles Tested Version: 3.14 Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Ste...
SpotAuditor 3.6.7 - 'Base64 Encrypted Password' Denial of Service (PoC)
Exploit Title: SpotAuditor v3.6.7 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.nsauditor.com/order.html Software Link : http://www.nsauditor.com/order.html Tested Version: v3.6.7 Tested on: Windows XP SP3 Vulnerability Type: Denial of...
Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
Exploit Title: Remote Process Explorer v1.0.0.16 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://lizardsystems.com/action.php?action=home&product=rpexplorer&version=1.0.0.16 Software Link :...
PassFab Excel Password Recovery 8.3.1 - SEH Local Exploit
Exploit Title: PassFab Excel Password Recovery SEH Local Exploit Date: 31.01.19 Vendor Homepage:https://www.passfab.com/products/excel-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-excel-password-recovery.exe Exploit Author: Achilles Tested Version: 8.3.1 Tested...
SureMDM < 2018-11 Patch - Local / Remote File Inclusion
Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link: https://www.42gears.com/products/suremdm-home/ Version: Versions prior to the...
ASPRunner Professional 6.0.766 - Denial of Service (PoC)
Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.xlinesoft.com/asprunnerpro Software Link : http://www.xlinesoft.com/asprunnerpro Tested Version: v6.0.766 Tested on: Windows XP SP3...
AMAC Address Change 5.4 - Denial of Service (PoC)
Exploit Title: a-Mac Address Change v5.4 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://amac.paqtool.com/ Software Link : http://amac.paqtool.com/ Tested Version: 5.4 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local...
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
/ XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against later modifications by the source process; otherwise, the source process might ...
macOS < 10.14.3 / iOS < 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
/ Inspired by Ned Williamsons's fuzzer I took a look at the netkey code. keygetsastat handles SADBGETSASTAT messages: It allocates a buffer based on the number of SAs there currently are: bufsize = ipsecsavcount + 1 sizeofsastatssav; KMALLOCWAITsastatssav, typeofsastatssav, bufsize; It the...
Anyburn 4.3 - 'Convert image to file format' Denial of Service
!/usr/bin/python Exploit Title: AnyBurn x86 - Denial of Service DoS Date: 30-01-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.anyburn.com/ Version: 4.3 32-bit Software Link : http://www.anyburn.com/anyburnsetup.exe Contact: [email protected] Twitter:...
Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service (PoC)
Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-30 Vendor Homepage: https://www.ks-soft.net Software Link : https://www.ks-soft.net/download/hm1190.exe Tested Version: 11.90 Beta Vulnerability Type:...
macOS < 10.14.3 / iOS < 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
/ xpcserializerunpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the message body is large, then it's sent as a MACHMSGOOLDESCRIPTOR. Also if the message contains other port resources eg memory entry ports th...
macOS < 10.14.3 / iOS < 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
/ It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and backboardd on iOS. You can talk to it from the app sandbox on iOS. It uses an IOMIGMachPortCache to translate between...
macOS < 10.14.3 / iOS < 12.1.3 XNU - 'vm_map_copy' Optimization which Requires Atomicity isn't Atomic
/ vmmapcopyininternal in vmmap.c converts a region of a vmmap into "copied in" form, constructing a vmmapcopy structure representing the copied memory which can then be mapped into another vmmap or the same one. The function contains a while loop which walks through each of the vmmapentry...
UltraISO 9.7.1.3519 - 'Output FileName' Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow SEH Date: 30/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.ultraiso.com/ Version: 9.7.1.3519 Software Link: https://www.ultraiso.com/download.html Contact: [email protected]...
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
Exploit Title: FlexHEX v2.46 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Software Link : http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Tested Version:...
LanHelper 1.74 - Denial of Service (PoC)
Exploit Title: LanHelper v1.74 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-31 Vendor Homepage: http://www.hainsoft.com/ Software Link : http://www.hainsoft.com/ Tested Version: 1.74 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS Local Buffer...
R 3.5.0 - Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title: R i386 3.5.0 - Local Buffer Overflow SEH Date: 30/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link: https://cran.r-project.org/bin/windows/base/old/3.5.0/R-3.5.0-win.exe Contact:...
Advanced File Manager 3.4.1 - Denial of Service (PoC)
Exploit Title: Advanced File Manager v3.4.1 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.advexsoft.com Software Link : http://www.advexsoft.com Tested Version: 3.4.1 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS...
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Dork: N/A Date: 27-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Category: Webapps Tested on: Wampp...
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEHDEP Bypass Date: 01-29-19 Vulnerable Software: 10-Strike Network Inventory Explorer 8.54 Vendor Homepage: https://www.10-strike.com/ Version: 8.54 Software Link...
iOS/macOS 10.13.6 - 'if_ports_used_update_wakeuuid()' 16-byte Uninitialized Kernel Stack Disclosure
/ macOS 10.13.4 introduced the file bsd/net/ifportsused.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the code of the latter function: extern "C" bool IOPMCopySleepWakeUUIDKeychar buffer, sizet...
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
Exploit Title: Necrosoft DIG v0.4 - Denial of Service PoC SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2005-01-10 Vendor Homepage: http://www.nscan.org/?index=dns Software Link : http://www.nscan.org/?index=dns Tested Version: 0.4 Tested on: Windows XP SP3 Vulnerability...
IP-Tools 2.50 - Local Buffer Overflow (PoC)
Exploit Title: IP TOOLS v2.50 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: https://www.ks-soft.net/ip-tools.eng/index.htm Software Link : https://www.ks-soft.net/ip-tools.eng/index.htm /...
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
Exploit Title: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie Dork: N/A Date: 2019-01-28 Exploit Author: dd [email protected] Vendor Homepage: https://codecanyon.net/user/simcycreative Software Link:...
MiniUPnPd 2.1 - Out-of-Bounds Read
!/usr/bin/python3 miniupnpd 0: self.server.notify += line line = self.rfile.read1 except: pass self.wfile.writeb"HTTP/1.1 200 OK\r\n\r\n" def splash: print" miniupnpd '.formatargs.callbackip,args.callbackport,callbackuri, 'Timeout': 'Second-20' server = socketserver.TCPServerargs.callbackip,...
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
!/usr/bin/python Exploit Title: HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH Date: 27/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.html5videoplayer.net/download.html Software: http://www.html5videoplayer.net/html5videoplayer-setup.exe Contact:...
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
Exploit Title: WordPress Plugin ad manager wd v1.0.11 - Arbitrary File Download Google Dork: N/A Date: 25.01.2019 Vendor Homepage: https://web-dorado.com/products/wordpress-ad-manager-wd.html Software: https://wordpress.org/plugins/ad-manager-wd Version: 1.0.11 Tested on: Win7 x64, Exploit Author...
Newsbull Haber Script 1.0.0 - 'search' SQL Injection
Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category: Webapps Tested on: Wampp @Win CVE: N/A Vulnerabilities...
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC Version: AirTies Modem Firmware 1.0.0.12 Tested on: Windows 10 x64 CVE : CVE-2019-6967 Author : Ali Can Gönüllü...
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
Exploit Title: Easy Video to iPod Converter - Local Buffer Overflow SEH Date: 2019-01-26 Exploit Author: Nawaf Alkeraithe Twitter: @Alkeraithe1 Vulnerable Software: Easy Video to iPod Converter 1.6.20 Vendor Homepage: http://www.divxtodvd.net/ Version: 1.6.20 Software Link:...
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on: Windows 8.1 / Ubuntu Linux Contact:...
BEWARD Intercom 2.3.1 - Credentials Disclosure
!/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions above 2.2.11: The application data directory, whic...
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
!/usr/bin/python Exploit Title: R 3.4.4 - Local Buffer Overflow Windows XP SP3 Date: 21/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://cloud.r-project.org/bin/windows/ Contact: [email protected] Twitter: @telspacesystems Version: 3.4.4 Tested on: Windows X...
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Exploit Title: Cisco Firepower Management Center Cross-Site Scripting XSS Vulnerability Google Dork: N/A Date: 23-01-2019 Exploit Author: Bhushan B. Patil Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss Affected Version: 6.2.2.2 &...
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
Exploit Title: MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting Date: 1/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1213 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2019-6979 1. Description: This plugin...
ResourceSpace 8.6 - 'collection_edit.php' SQL Injection
Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=©=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Smart VPN 1.1.3.0 - Denial of Service (PoC)
Exploit Title: Smart VPN 1.1.3.0 - Denial of Service PoC Date: 1/28/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NH1G93D4HKR Version: 1.1.3.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new...
LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Date: 24.01.2019 Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote Contact:https://twitter.com/matteomalvica Version: Cloud...
Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting
Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prin...
CMSsite 1.0 - 'search' SQL Injection
Exploit Title: CMSsite 1.0 - 'search' SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...
CMSsite 1.0 - 'cat_id' SQL Injection
Exploit Title: CMSsite 1.0 - SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...
Teameyo Project Management System 1.0 - SQL Injection
Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.teameyo.com/ Software Link: https://codecanyon.net/item/teameyo-project-management-system/23142804 Version: 1.0 Category: Webapps Tested on:...
Mess Management System 1.0 - SQL Injection
Exploit Title: Mess Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m.testbd.xyz/ Software Link: https://www.sourcecodester.com/sites/default/files/download/biddut/ms0.zip Version: 1.0 Category: Webapps Tested on:...
Sricam gSOAP 2.8 - Denial of Service
!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...
Cisco RV300 / RV320 - Information Disclosure
Exploit Title: 6coRV Exploit Date: 01-26-2018 Exploit Author: Harom Ramos Horus Tested on: Cisco RV300/RV320 CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning from fakeuseragent import UserAgent def randomheaders: return dict'user-agent':...
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow SEHDEP Bypass Date: 01-26-19 Vulnerable Software: Faleemi Desktop Software 1.8 Vendor Homepage: https://www.faleemi.com/ Version: 1.8.0 Software Link 1:...
MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation
Exploit Title: MySQL User-Defined Linux x32 / x8664 sysexec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 8.11 / mysql Ver 14.14 Distrib 5.5.60...