47904 matches found
SeoToaster Ecommerce / CRM / CMS 3.0.0 - Local File Inclusion
Exploit Title: SeoToaster Ecommerce 3.0.0 - Local File Inclusion Dork: N/A Date: 2019-01-17 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.seotoaster.com/shopping-cart/ Software Link: https://www.seotoaster.com/downloads/seotoaster.v3.0.0.zip Version: 3.0.0 Category: Webapps Tested on:...
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
Exploit Title: VPN Browser+ 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NFFFFS5Z2C7 Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a ne...
phpTransformer 2016.9 - SQL Injection
Exploit Title: phpTransformer 2016.9 - SQL Injection Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release2016.9.zip Version: 2016.9 Category: Webapps...
Microsoft Edge Chakra - 'JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode' Use-After-Free
/ The JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it's essentially written in JavaScript, it needs to clear the disable-implicit-call flag before calling the JavaScript code, otherwise i...
phpTransformer 2016.9 - Directory Traversal
Exploit Title: phpTransformer 2016.9 - Directory Traversal Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link: https://netcologne.dl.sourceforge.net/project/phptransformer/Version%202016.9/release2016.9.zip Version: 2016.9 Category:...
Microsoft Edge Chakra - 'InlineArrayPush' Type Confusion
/ In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer to the object array which stores numeric properties. For...
Microsoft Edge Chakra - 'InitClass' Type Confusion
/ Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value; function main for let i = 0; i 2000; i++ let o = a: ...
FastTube 1.0.1.0 - Denial of Service (PoC)
Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the python script, it will create a new fi...
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Date: 18/01/2019 Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage: https://www.joomla.org/ Affected Versions: Joomla versions 2.5.0 through 3.9.1 Tested on: Joomla 3.9.1 CVE :...
Microsoft Windows CONTACT - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec Vendor www.microsoft.com Product Microsoft .CONTACT File...
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
Exploit Title: Check Point ZoneAlarm Local Privilege Escalation Date: 1/16/19 Exploit Author: Chris Anastasio Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/ Software Link: Vulnerable Versions included in repo Version: ZoneAlarm Free Antivirus + Firewall version: 15.3.064.1772...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3 REQUIRED Tested on: Windows 10 CVE : CVE-2019-2413 POC:...
NTPsec 1.1.2 - 'ctl_getitem' Out-of-Bounds Read (PoC)
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage: https://ntpsec.org/ Software Link:...
Spotify 1.0.96.181 - 'Proxy configuration' Denial of Service (PoC)
Exploit Title: Spotify 1.0.96.181 - "Proxy configuration" Denial of Service PoC Discovery by: Aaron V. Hernandez Discovery Date: 2019-01-15 Vendor Homepage: https://www.spotify.com Software Link: https://www.spotify.com/mx/download/windows/ Tested Version: 1.0.96.181 Vulnerability Type: Denial of...
Coship Wireless Router 4.0.0.48 / 4.0.0.40 / 5.0.0.54 / 5.0.0.55 / 10.0.0.49 - Unauthenticated Admin Password Reset
history.pushState'', '', '/'...
Fortinet FortiGate FortiOS < 6.0.3 - LDAP Credential Disclosure
/usr/bin/python3 """ CVE-2018-13374 Publicado por Julio Ureña PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia: https://fortiguard.com/psirt/FG-IR-18-157 Ejemplo: python3 CVE-2018-13374.py -f https://FortiGateIP -u...
doorGets CMS 7.0 - Arbitrary File Download
Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link: https://netix.dl.sourceforge.net/project/doorgets-cms/doorGets%20CMS%20V7/doorGetsCMSV7.0.zip Version: 7.0 Category: Webapps...
Roxy Fileman 1.4.5 - Arbitrary File Download
Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php Version: 1.4.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
NTPsec 1.1.2 - 'ntp_control' Out-of-Bounds Read (PoC)
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread2 Vendor Homepage: https://ntpsec.org/ Software Link:...
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
/ The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collection via rope strings. As a result, it can lead to UaF. PoC: ...
Microsoft Windows 10 - 'RestrictedErrorInfo' Unmarshal Section Handle Use-After-Free
Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT RestrictedErrorInfo doesn’t correctly check the validity of a handle to a section...
Blueimp's jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main int argc, char argv int sock = 0, bytesread = 0, total = 0, functio...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
function main var ar = ; forlet i = 0; i...
NTPsec 1.1.2 - 'ntp_control' (Authenticated) NULL Pointer Dereference (PoC)
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-npe Vendor Homepage: https://ntpsec.org...
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection / Arbitrary File Download / Directory Traversal
Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://www.gl-inet.com/ Software Link: https://www.gl-inet.com/products/gl-ar300m/ Version: Firmware version...
NTPsec 1.1.2 - 'config' (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
!/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-authed-oobwrite Vendor Homepage:...
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: A number of Partial Trust Windows Runtime classes...
blueman - set_dhcp_handler D-Bus Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'blueman setdhcphandler D-Bus Privilege Escalation', 'Description' = %q This module attempts to gain root privileges by exploiting a Python code...
ShoreTel / Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage: https://www.mitel.com/ Version: 19.49.5200.0 and very likely many...
1Password < 7.0 - Denial of Service
Description The 1Password application 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application...
Microsoft Windows VCF - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor www.microsoft.com Product A VCF file is a...
ownDMS 4.7 - SQL Injection
Exploit Title: ownDMS 4.7 - SQL Injection Dork: N/A Date: 2019-01-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.owndms.com/ Software Link: https://datapacket.dl.sourceforge.net/project/owndms/owndms47.zip Version: 4.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same...
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure al...
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-13 Solution Date: -...
AudioCode 400HD - Command Injection
CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: The COM Desktop Broker doesn’t correctly check permissions...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all t...
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary Summary: Performing an NTLM authentication to the same machine results in a network...
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
/ Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version - 1.2.0.1000 - dokan1.sys Software package -...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all...
i-doit CMDB 1.12 - Arbitrary File Download
Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category: Webapps Tested on:...
i-doit CMDB 1.12 - SQL Injection
Exploit Title: i-doit CMDB 1.12 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12 Category: Webapps Tested on:...
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link: https://codecanyon.net/item/live-call-support-widget-software-online-calling-web-application/22532799 Version: 1...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object doesn’t verify its caller correctly allowing one user to...
Modern POS 1.3 - Arbitrary File Download
Exploit Title: Modern POS 1.3 - Arbitrary File Download Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3 Category: Webapps Tested...
Real Estate Custom Script 2.0 - SQL Injection
Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0 Category: Webapps Tested on:...
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4 Category: Webapps Tested...
xorg-x11-server < 1.20.3 (Solaris 11) - 'inittab Local Privilege Escalation
!/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their...
Horde Imp - 'imap_open' Remote Command Execution
Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Date: 10/01/2019 Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link: https://www.horde.org/download/imp Version: All...