47904 matches found
Modern POS 1.3 - SQL Injection
Exploit Title: Modern POS 1.3 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3 Category: Webapps Tested on:...
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Exploit Title: Craigs CMS 1.0.2 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/craigs-cms-directory-listing-theme/22431565 Version: 1.0.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
Real Estate Custom Script 2.0 - SQL Injection
Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0 Category: Webapps Tested on:...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure all...
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
/ Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version - 1.2.0.1000 - dokan1.sys Software package -...
Job Portal Platform 1.0 - SQL Injection
Exploit Title: Job Portal 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/job-portal-platform-a-complete-job-portal-website/21916934 Version: 1.0 Category: Webapps Tested on:...
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary Summary: Performing an NTLM authentication to the same machine results in a network...
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link: https://our.umbraco.com/download/releases Version: 7.12.4 Category: Webapps Tested...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broker COM object doesn’t verify its caller correctly allowing one user to...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summary: The COM Desktop Broker doesn’t correctly check permissions...
AudioCode 400HD - Command Injection
CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony and contact center markets. The CGI...
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure al...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same...
Portier Vision 4.4.4.2 / 4.4.4.6 - SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open Manufacturer Notification: 2018-06-13 Solution Date: -...
S-nail < 14.8.16 - Local Privilege Escalation
!/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling /var/tmp/.privget.c ... . Adding /var/tmp/.snail.s...
Serv-U FTP Server < 15.1.7 - Local Privilege Escalation (2)
!/bin/bash SUroot - Local root exploit for Serv-U FTP Server versions prior to 15.1.7 CVE-2019-12181 Bash variant of Guy Levin's Serv-U FTP Server exploit: - https://github.com/guywhataguy/CVE-2019-12181 --- user@debian-9-6-0-x64-xfce:/Desktop$ ./SUroot Launching Serv-U ... sh: 1: : Permission...
ASAN/SUID - Local Privilege Escalation
!/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a vulnerable system. Supply your own targe...
Adapt Inventory Management System 1.0 - SQL Injection
Exploit Title: Adapt Inventory Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.adaptinventory.com/ Software Link: https://codecanyon.net/item/adapt-inventory-management-system/22838514 Version: 1.0 Category: Webapps Tested...
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
Exploit Title: Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/joomprojec...
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Code Blocks 17.12 - Local Buffer Overflow SEHUnicode Date: 01-10-2019 Vulnerable Software: Code Blocks 17.12 Vendor Homepage: http://www.codeblocks.org/ Version: 17.12 Software Link:...
Paint Studio 2.17 - Denial of Service (PoC)
Exploit Title: Paint Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpaintstudioinstall.exe Version: 2.17 Category: Dos Tested on:...
Joomla! Component JoomCRM 1.1.1 - SQL Injection
Exploit Title: Joomla! Component JoomCRM 1.1.1 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/ Version: 1.1.1 Category: Webapps Tested on:...
Liquid Studio 2.17 - Denial of Service (PoC)
Exploit Title: Liquid Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbliquidstudioinstall.exe Version: 2.17 Category: Dos Tested on:...
Pixel Studio 2.17 - Denial of Service (PoC)
Exploit Title: Pixel Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudioinstall.exe Version: 2.17 Category: Dos Tested on:...
Blob Studio 2.17 - Denial of Service (PoC)
Exploit Title: Blob Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudioinstall.exe Version: 2.17 Category: Dos Tested on: WiN7x64/KaLiLinuXx...
Selfie Studio 2.17 - Denial of Service (PoC)
Exploit Title: Selfie Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbselfiestudioinstall.exe Version: 2.17 Category: Dos Tested on:...
Tree Studio 2.17 - Denial of Service (PoC)
Exploit Title: Tree Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbtreestudioinstall.exe Version: 2.17 Category: Dos Tested on: WiN7x64/KaLiLinuXx...
Luminance Studio 2.17 - Denial of Service (PoC)
Exploit Title: Luminance Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbluminancestudioinstall.exe Version: 2.17 Category: Dos Tested on:...
OpenSSH SCP Client - Write Arbitrary Files
''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS, OpenSSH client 7.6p1 We have nicknamed this...
doitX 1.0 - 'search' SQL Injection
Exploit Title: doitX 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://mybizcms.com/ Software Link: https://codecanyon.net/item/doitx/23041037 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
eBrigade ERP 4.5 - Arbitrary File Download
!/usr/bin/python import mechanize, sys, cookielib, requests import colorama, urllib, re, random, urllib2 import wget from colorama import Fore from tqdm import tqdm from pathlib import Path def bannerche: print ''' @-------------------------------------------------------------@ | eBrigade ERP "...
Architectural 1.0 - 'email' SQL Injection
Exploit Title: Architectural Cms 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/architectural-multipage-theme-admin-panel/20968597 Version: 1.0 Category: Webapps Tested on:...
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: RGui 3.5.0 - Local Buffer Overflow SEHDEP Bypass Date: 01-09-2018 Vulnerable Software: RGui 3.5.0 Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...
PEAR Archive_Tar < 1.4.4 - PHP Object Injection
PEAR ArchiveTar temptarname will be called in the destructor method. If another class with useful gadget is loaded, remote code execution may be possible. Steps to reproduce object injection and arbitrary file deletion: 1. Make sure that PHP & PEAR are installed. 2. Download vulnerable PEAR...
OpenSource ERP 6.3.1. - SQL Injection
Exploit Title: OpenSource ERP SQL Injection Date: 10.01.2019 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.nelson-it.ch Software Link: http://sourceforge.net/projects/opensourceerp/files/Windows/erp6.3.1.exe/download Version: v6.3.1 Tested on: Windows CVE-2019-5893...
eBrigade ERP 4.5 - SQL Injection
Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4.5 Category: Webapps Tested on:...
Shield CMS 2.2 - 'email' SQL Injection
Exploit Title: SHIELD - Freelancer Content Management System 2.2 - SQL Injection / CSRF Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/shield-content-management-system/18833498 Version: 2.2 Category: Webapps...
Matrix MLM Script 1.0 - Information Disclosure
Exploit Title: Matrix MLM Script 1.0 - Information Leakage Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link: https://codecanyon.net/item/mlmpro-multistage-forced-matrix-mlm-script/23050292 Version: 1.0 Category: Webapps Tested...
Event Calendar 3.7.4 - 'id' SQL Injection
Exploit Title: Event Calendar 3.7.4 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-calendar-phpmysql-plugin/19246267 Version: 3.7.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
MLMPro 1.0 - SQL Injection
Exploit Title: Matrix MLM Script 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link: https://codecanyon.net/item/mlmpro-multistage-forced-matrix-mlm-script/23050292 Version: 1.0 Category: Webapps Tested on:...
Event Locations 1.0.1 - 'id' SQL Injection
Exploit Title: Event Locations 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679 Version: 1.0.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sharepoint-ruby' class MetasploitModule 'DOS Vulnerability in SharePoint 2016 Server', 'Description' = %q A vulnerability in Microsoft SharePoint Server could...
BlogEngine 3.3 - XML External Entity Injection
XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage: https://blogengine.io/ Vulnerability: XML Extern...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
function main var vArr = new Array; var bigArray = new Array0x20000000; vArr0 = String.prototype.toLowerCase.callbigArray; vArr1 = String.prototype.toLowerCase.callbigArray; vArr2 = String.prototype.toLowerCase.callbigArray;...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/ Product Link: https://www.heatmiser.com/en/wireless-thermostats/ Tested on:...
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
/ When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt being shown to the user, asking the user to confirm the action by enteri...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version: BDHDV6MF65V1.0.0B05 Tested on: Windows 10 x64 CVE:...
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple issues I’m reporting in the same service. While I’ve tried to ensure...
Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection
Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zip Version: v8.0.4 Category: Webapps Tested on...
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
!/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage: https://davidtavarez.github.io/ Software Link:...