Advanced File Manager 3.4.1 - Denial of Service (PoC)

Exploit Title: Advanced File Manager v3.4.1 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.advexsoft.com Software Link : http://www.advexsoft.com Tested Version: 3.4.1 Tested on: Windows XP SP3 Vulnerability Type: Denial of Service DoS...

Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)

Exploit Title: Necrosoft DIG v0.4 - Denial of Service PoC SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2005-01-10 Vendor Homepage: http://www.nscan.org/?index=dns Software Link : http://www.nscan.org/?index=dns Tested Version: 0.4 Tested on: Windows XP SP3 Vulnerability...

10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEHDEP Bypass Date: 01-29-19 Vulnerable Software: 10-Strike Network Inventory Explorer 8.54 Vendor Homepage: https://www.10-strike.com/ Version: 8.54 Software Link...

IP-Tools 2.50 - Local Buffer Overflow (PoC)

Exploit Title: IP TOOLS v2.50 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: https://www.ks-soft.net/ip-tools.eng/index.htm Software Link : https://www.ks-soft.net/ip-tools.eng/index.htm /...

Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection

Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Dork: N/A Date: 27-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Category: Webapps Tested on: Wampp...

HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)

!/usr/bin/python Exploit Title: HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH Date: 27/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.html5videoplayer.net/download.html Software: http://www.html5videoplayer.net/html5videoplayer-setup.exe Contact:...

MiniUPnPd 2.1 - Out-of-Bounds Read

!/usr/bin/python3 miniupnpd 0: self.server.notify += line line = self.rfile.read1 except: pass self.wfile.writeb"HTTP/1.1 200 OK\r\n\r\n" def splash: print" miniupnpd '.formatargs.callbackip,args.callbackport,callbackuri, 'Timeout': 'Second-20' server = socketserver.TCPServerargs.callbackip,...

PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)

Exploit Title: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie Dork: N/A Date: 2019-01-28 Exploit Author: dd [email protected] Vendor Homepage: https://codecanyon.net/user/simcycreative Software Link:...

Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow SEHDEP Bypass Date: 01-26-19 Vulnerable Software: Faleemi Desktop Software 1.8 Vendor Homepage: https://www.faleemi.com/ Version: 1.8.0 Software Link 1:...

AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery

Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC Version: AirTies Modem Firmware 1.0.0.12 Tested on: Windows 10 x64 CVE : CVE-2019-6967 Author : Ali Can Gönüllü...

Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting

Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prin...

ResourceSpace 8.6 - 'collection_edit.php' SQL Injection

Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...

R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)

!/usr/bin/python Exploit Title: R 3.4.4 - Local Buffer Overflow Windows XP SP3 Date: 21/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://cloud.r-project.org/bin/windows/ Contact: [email protected] Twitter: @telspacesystems Version: 3.4.4 Tested on: Windows X...

Cisco RV300 / RV320 - Information Disclosure

Exploit Title: 6coRV Exploit Date: 01-26-2018 Exploit Author: Harom Ramos Horus Tested on: Cisco RV300/RV320 CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning from fakeuseragent import UserAgent def randomheaders: return dict'user-agent':...

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)

Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Date: 24.01.2019 Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote Contact:https://twitter.com/matteomalvica Version: Cloud...

Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection

Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avila Category: webapps Tested on: Windows 8.1 / Ubuntu Linux Contact:...

CMSsite 1.0 - 'search' SQL Injection

Exploit Title: CMSsite 1.0 - 'search' SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...

MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting

Exploit Title: MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting Date: 1/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1213 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2019-6979 1. Description: This plugin...

Teameyo Project Management System 1.0 - SQL Injection

Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.teameyo.com/ Software Link: https://codecanyon.net/item/teameyo-project-management-system/23142804 Version: 1.0 Category: Webapps Tested on:...

CMSsite 1.0 - 'cat_id' SQL Injection

Exploit Title: CMSsite 1.0 - SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested on: Windows 10 CVE: N/A...

MySQL User-Defined (Linux) (x86) - 'sys_exec' Local Privilege Escalation

Exploit Title: MySQL User-Defined Linux x32 / x8664 sysexec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL 4.x/5.x Tested on: Debian GNU/Linux 8.11 / mysql Ver 14.14 Distrib 5.5.60...

BEWARD Intercom 2.3.1 - Credentials Disclosure

!/usr/bin/env python -- coding: utf8 -- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions above 2.2.11: The application data directory, whic...

Newsbull Haber Script 1.0.0 - 'search' SQL Injection

Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category: Webapps Tested on: Wampp @Win CVE: N/A Vulnerabilities...

WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download

Exploit Title: WordPress Plugin ad manager wd v1.0.11 - Arbitrary File Download Google Dork: N/A Date: 25.01.2019 Vendor Homepage: https://web-dorado.com/products/wordpress-ad-manager-wd.html Software: https://wordpress.org/plugins/ad-manager-wd Version: 1.0.11 Tested on: Win7 x64, Exploit Author...

Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting

Exploit Title: Cisco Firepower Management Center Cross-Site Scripting XSS Vulnerability Google Dork: N/A Date: 23-01-2019 Exploit Author: Bhushan B. Patil Advisory URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-frpwr-mc-xss Affected Version: 6.2.2.2 &...

Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)

Exploit Title: Easy Video to iPod Converter - Local Buffer Overflow SEH Date: 2019-01-26 Exploit Author: Nawaf Alkeraithe Twitter: @Alkeraithe1 Vulnerable Software: Easy Video to iPod Converter 1.6.20 Vendor Homepage: http://www.divxtodvd.net/ Version: 1.6.20 Software Link:...

Sricam gSOAP 2.8 - Denial of Service

!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage: http://www.sricam.com/ Tested on: Sricam IP...

Mess Management System 1.0 - SQL Injection

Exploit Title: Mess Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m.testbd.xyz/ Software Link: https://www.sourcecodester.com/sites/default/files/download/biddut/ms0.zip Version: 1.0 Category: Webapps Tested on:...

Smart VPN 1.1.3.0 - Denial of Service (PoC)

Exploit Title: Smart VPN 1.1.3.0 - Denial of Service PoC Date: 1/28/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NH1G93D4HKR Version: 1.1.3.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new...

LogonBox Limited / Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference

Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage: https://docs.logonbox.com/index.html Software Link: N/A Version: = 1.2 = 1.2 = 1.4-RG4. PoC examples:...

Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection

RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected Versions: 1.4.2.15 and later Fixed Versions: since 1.4.2.20...

GreenCMS 2.x - Arbitrary File Download

Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...

iOS/macOS - 'task_swap_mach_voucher()' Use-After-Free

/ voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: taskswapmachvoucher does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 CVE-2016-7612, 954 CVE-2016-7633, 1417 CVE-2017-13861, asyncwake, 1520 CVE-2018-4139,...

WordPress Plugin Wisechat 2.6.3 - Reverse Tabnabbing

Exploit Title: Wordpress Plugin Wisechat if window.opener window.opener.parent.location.replace'http://mtk911.cf/'; if window.parent != window window.parent.location.replace'http://mtk911.cf/'; Open Redirect TEST when you click on that user. This opens in a new tab, and the parent tab is silently...

GreenCMS 2.x - SQL Injection

Exploit Title: Green CMS 2.x - SQL Injection Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...

Lua 5.3.5 - 'debug.upvaluejoin' Use After Free

Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Link: https://www.lua.org/ftp/lua-5.3.5.tar.gz...

ImpressCMS 1.3.11 - 'bid' SQL Injection

Title: ImpressCMS 1.3.11 - 'bid' SQL Injection Date: 21.01.2019 Exploit Author: Mehmet Onder Key Vendor Homepage: http://www.impresscms.org/ Software Link: https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms1.3.11.zip Version: v1.3.11 Category: Webapps Tested on: WAMPP @Win...

Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)

Exploit Title: Microsoft Remote Desktop 10.2.4134 - Denial of Service PoC Date: 2019/01/24 Author: Saeed Hasanzadeh Net.Hun73r Twitter: @nethun73r Software Link: https://itunes.apple.com/us/app/microsoft-remote-desktop-10/id1295203466?mt=12 Version: 10.2.4134 Tested on: Mac OS Mojave10.14.2 Proof...

Joomla! Component J-CruisePortal 6.0.4 - SQL Injection

Exploit Title: Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link: https://www.cmsjunkie.com/joomla-cruise-reservation-portal Version: 6.0.7 Category: Webapps Tested on:...

Ghostscript 9.26 - Pseudo-Operator Remote Code Execution

I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an executable array of commands, you need to mark it as...

Joomla! Component JHotelReservation 6.0.7 - SQL Injection

Exploit Title: Joomla! Component JHotelReservation 6.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jhotelreservation/...

Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery

NBG-418N v2 Modem CSRF Exploit & PoC...

SimplePress CMS 1.0.7 - SQL Injection

Exploit Title: SimplePress CMS 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/simplepresscms/ Software Link: https://ayera.dl.sourceforge.net/project/simplepresscms/1.0%20alpha/1.0.7alpha.zip Version: 1.0.7 Category:...

AddressSanitizer (ASan) - SUID Executable Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AddressSanitizer ASan SUID Executable Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems usi...

Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution

!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link: https://www.splunk.com/enus/download/splunk-enterprise.html Version: 7.2.3 Tested on: kali...

SirsiDynix e-Library 3.5.x - Cross-Site Scripting

Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Date: 2019-24-01 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.com Version: 3.5.x Category: Webapps Tested on:...

Joomla! Component vWishlist 1.0.1 - SQL Injection

Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/extension-specific/virtuemart-extensions/vwishlist/ Version: 1.0.1...

Joomla! Component vReview 1.9.11 - SQL Injection

Exploit Title: Joomla! Component vReview 1.9.11 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/ratings-a-reviews/vreview/ Version: 1.9.11 Category:...

Joomla! Component VMap 1.9.6 - SQL Injection

Exploit Title: Joomla! Component VMap 1.9.6 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/vmap/ Version: 1.9.6 Category: Webapps Tested...

Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection

Exploit Title: Joomla! Component J-MultipleHotelReservation 6.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...