47904 matches found
Adobe Flash ActiveX Plugin 28.0.0.137 - Remote Code Execution (PoC)
Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/46051.zip Password: infected...
WSTMart 2.0.8 - Cross-Site Request Forgery (Add Admin)
Exploit Title: WSTMart 2.0.8 - Cross-Site Request Forgery Add Admin Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage:https://github.com/wstmall/wstmart/ Software Link:http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE :CVE-2018-19138 0x02 CSRF PoC 18/5000 Function point: background...
Angry IP Scanner for Linux 3.5.3 - Denial of Service (PoC)
Exploit Title: Angry IP Scanner for Linux 3.5.3 - Denial of Service PoC Discovery by: Mr Winst0n Discovery Date: 2018-12-22 Vendor Homepage: https://angryip.org/ Software Link : https://angryip.org/download/ Tested Version: 3.5.3 latest version Tested on: Kali linux Vulnerability Type: Denial of...
WSTMart 2.0.8 - Cross-Site Scripting
Exploit Title: WSTMart 2.0.8 - Cross-Site Scripting Date: 2018-12-23 Exploit Author: linfeng Vendor Homepage: https://github.com/wstmall/wstmart/ Software Link: http://www.wstmart.net/ Version: WSTMart 2.0.8181212 CVE: CVE-2018-20367 0x01 stored XSS PoC Function point: mall some commodity details...
Netatalk 3.1.12 - Authentication Bypass (PoC)
import socket import struct import sys if lensys.argv != 3: sys.exit0 ip = sys.argv1 port = intsys.argv2 sock = socket.socketsocket.AFINET, socket.SOCKSTREAM print "+ Attempting connection to " + ip + ":" + sys.argv2 sock.connectip, port dsipayload = "\x00\x00\x40\x00" client quantum dsipayload +...
SQLScan 1.0 - Denial of Service (PoC)
Exploit Title: McAfee Foundstone SQLScan - Denial of Service PoC and EIP record overwrite Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: http://www.mcafee.com/us/downloads/free-tools/sqlscan.aspx Software Link : http://www.mcafee.com/us/downloads/free-tools/sqlscan.aspx...
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
Exploit Title: Microsoft Edge edgehtml.dll!Tree::ANode::DocumentLayout. Denial of Service PoC Google Dork: N/A Date: 2018-11-11 Exploit Author: Bogdan Kurinnoy [email protected] Vendor Homepage: https://www.microsoft.com/ Version: Microsoft Edge 42.17134.1.0 Microsoft EdgeHTML 17.17134 Tested...
AnyBurn 4.3 - Local Buffer Overflow (SEH)
!/usr/bin/env python Exploit Title: AnyBurn 4.3 - Local Buffer Overflow SEH Unicode Date: 20-12-2018 Exploit Author: Matteo Malvica Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Tested Version: 4.3 32-bit Tested on: Windows 7 x64 SP1 Credits:...
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
Exploit Title: ZeusCart 4.0 Deactivate Customer Accounts CSRF Date: 12/20/2018 Exploit Author: mqt Vendor Homepage: http://http://www.zeuscart.com/ Version: Zeus Cart 4.0 CSRF 1. Vulnerability Description Due to the form not being validated, ZeusCart4.0 suffers from a Cross Site Request Forgery...
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Read
The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while impersonating, but using junctions there is still a TOCT...
Netatalk 3.1.12 - Authentication Bypass
Exploit Title: Netatalk Authentication Bypass Date: 12/20/2018 Exploit Author: Jacob Baines Vendor Homepage: http://netatalk.sourceforge.net/ Software Link: https://sourceforge.net/projects/netatalk/files/ Version: Before 3.1.12 Tested on: Seagate NAS OS x8664 CVE : CVE-2018-1160 Advisory:...
Microsoft Windows - 'MsiAdvertiseProduct' Arbitrary File Copy/Read
The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets done while impersonating, but using junctions there is still a TOCT...
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
Exploit Title: LanSpy 2.0.1.159 - Local Buffer Overflow SEH Egghunter Exploit Author: bzyo Date: 12-19-18 Twitter: @bzyo Vulnerable Software: LanSpy 2.0.1.159 Vendor Homepage: https://lizardsystems.com Version: 2.0.1.159 Software Link 1:...
VBScript - VbsErase Reference Leak Use-After-Free
There is an reference leak in Microsoft VBScript that can be turned into an use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. Details: VbsErase function is used to reset and free the content...
VBScript - MSXML Execution Policy Bypass
According to https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11/, Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted Sites Zone by default. However, the...
Erlang - Port Mapper Daemon Cookie Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Erlang Port Mapper Daemon Cookie RCE', 'Description' = %q The erlang port mapper daemon is used to coordinate distributed erlang instances. Shoul...
XMPlay 3.8.3 - '.m3u' Local Stack Overflow Code Execution
!/usr/bin/env python -- coding: utf-8 -- Exploit Title: XMPlay 3.8.3 - '.m3u' Code Execution PoC Date: 2018-12-19 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP SP3...
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
!/usr/bin/env python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Date: 12-20-18 Vulnerable Software: Base64 Decoder 1.1.2 Vendor Homepage: http://4mhz.de/b64dec.html Version: 1.1.2 Software Link:...
Integria IMS 5.0.83 - 'search_string' Cross-Site Scripting
Exploit Title: Integria IMS 5.0.83 - Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-12-18 Google Dork: N/A Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected Version: 5.0.83 and possibly before Patched Version: 5.0.84...
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: Admin Account take over Via CSRF Google Dork: N/A Date: 17-12-2018 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://www.phpjabbers.com/hotel-booking-system/ Software Link: https://demo.phpjabbers.com/1545033057422/index.php?controller=pjAdmin&action=pjActionIndex Version:...
Yeswiki Cercopitheque - 'id' SQL Injection
Exploit Title: SQL Injection in Yeswiki Cercopitheque Date: 02/07/2018 Exploit Author: Mickael BROUTY @ark1nar - FIDENS Vendor Homepage: https://yeswiki.net Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip Version: Yeswiki Cercopitheque 2018-06-19...
Linux Kernel 4.4 - 'rtnetlink' Stack Memory Disclosure
/ Briefs - CVE-2016-4486 has discovered and reported by Kangjie Lu. - This is local exploit against the CVE-2016-4486. Tested version - Distro : Ubuntu 16.04 - Kernel version : 4.4.0-21-generic - Arch : x8664 Prerequisites - None Goal - Leak kernel stack base address of current process by...
LanSpy 2.0.1.159 - Local Buffer Overflow
!/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan Prescotto Tested Against: Win7 Pro SP1 64 bit Software...
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
Exploit Title: PassFab RAR Password Recovery SEH Local Exploit Date: 16-12-2018 Vendor Homepage:https://www.passfab.com/products/rar-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-rar-password-recovery.exe Exploit Author: Achilles Tested Version: 9.3.2 Tested on:...
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Rukovoditel Project Management/CRM 2.3.1 - Authenticated Remote Code Execution', 'Description' = %q This module...
Bolt CMS < 3.6.2 - Cross-Site Scripting
Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. PoC Video:...
Integria IMS 5.0.83 - Cross-Site Request Forgery
Exploit Title: Integria IMS 5.0.83 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-12-19 Google Dork: N/A Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected Version: 5.0.83 and possibly before Patched Version:...
IBM Operational Decision Manager 8.x - XML External Entity Injection
Exploit Title: XML External Entity Injection XXE Date: 2018-12-18 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10744149 Version: v8.6 - v8.7 - v8.8 - v8.9 REQUIRED Tested on: Windows 10 CVE : CVE-2018-1821 POC1: Port...
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)
Exploit Title: PDF Explorer SEH Local Exploit Original Discovery:Gionathan "John" Reale DoS exploit Exploit Author: Achilles Date: 18-12-2018 Vendor Homepage: http://www.rttsoftware.com/ Software Link: https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip Tested Version: 1.5.66.2 Tested on:...
MegaPing - Local Buffer Overflow Denial of Service
Exploit Title: MegaPing Date: 15-12-2018 Vendor Homepage: http://www.magnetosoft.com/ Software Link: http://www.magnetosoft.com/downloads/win32/megapingsetup.exe Exploit Author: Achilles Tested Version: Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps...
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
Exploit Title: Nsauditor Local SEH Buffer Overflow Date: 15-12-2018 Vendor Homepage:http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Exploit Author: Achilles Tested Version: 3.0.28.0 Tested on: Windows XP SP3 1.- Run python code : Nsauditor.py 2.- Open...
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
Exploit Title: Excel Password Recovery Professional Date: 15-12-2018 Vendor Homepage:https://www.recoverlostpassword.com/ Software Link :https://www.recoverlostpassword.com/downloads/excelpasswordrecoveryprotrial.exe Exploit Author: Achilles Tested Version: 8.2.0.0 Tested on: Windows 7 64...
AnyBurn 4.3 - Local Buffer Overflow (PoC)
Exploit Title: AnyBurn Date: 15-12-2018 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Author: Achilles Tested Version: 4.3 32-bit Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS Local Buffer Overflow Steps to Produce th...
Microsoft Windows - 'jscript!JsArrayFunctionHeapSort' Out-of-Bounds Write
function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when sorting an array with a provided comparison function. One of its...
MiniShare 1.4.1 - 'HEAD/POST' Remote Buffer Overflow
Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length ------------------------------------------------------------------- EAX...
SDL Web Content Manager 8.5.0 - XML External Entity Injection
Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Company : Canon Security Date : 25/11/2018 Software Information Affected Software : SDL Web Content Manager Version: Build 8.5.0 Vendor: SDL Tridion Software website : https://www.sdl.com CVE Number: CVE-2018-19371 Descriptio...
phpMyAdmin 4.8.4 - 'AllowArbitraryServer' Arbitrary File Read
!/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat = logging.handlers.WatchedFileHandler'mysql.log', 'ab'...
Google Chrome 70 - SQLite Magellan Crash (PoC)
This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page: Crash this page Your browser's user agent is...
Double Your Bitcoin Script Automatic - Authentication Bypass
Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Date: 2018-12-08 Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018 Version: v1 REQUIRED Tested on: Linux...
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery Date: 2018-12-13 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559?srank=38 Version: v1 REQUIRED Tested on: Linux 1 Poof Of...
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Dork: N/A Date: 2018-12-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559 Version: 1.1 Category: Webapps Tested on:...
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Dork: N/A Date: 2018-12-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://codecanyon.net/item/facebook-and-google-reviews-system-for-businesses/22793559 Version: 1.1 Category: Webapps Tested on:...
Huawei Router HG532e - Command Execution
!/bin/python ''' Author : Rebellion Github : @rebe11ion Twitter : @rebellion ''' import urllib2,requests,os,sys from requests.auth import HTTPDigestAuth DEFAULTHEADERS = "User-Agent": "Mozilla", DEFAULTTIMEOUT = 5 def fetchurlurl: global DEFAULTHEADERS, DEFAULTTIMEOUT request = urllib2.Requesturl...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS: 6.5 Medium; AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CWE-639 Description...
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Exploit Title: Zortam MP3 Media Studio Version 24.15 Exploit SEH Version: 24.15 Exploit Author: Manpreet Singh Kheberi Date: December 13 2018 Download Link: https://www.zortam.com/download.html Vendor Homepage: https://www.zortam.com Tested on: Windows Xp Sp3 x64 Type: Bind shell print...
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link: https://github.com/trippo/ResponsiveFilemanager/releases/download/v9.13.4/responsivefilemanager.zip Responsive FileManag...
Cisco RV110W - Password Disclosure / Command Execution
!/usr/bin/env python2 Cisco RV110W Password Disclosure and OS Command Execute. Tested on version: 1.1.0.9 maybe useable on 1.2.0.9 and later. Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute Date: 2018-08 Exploit Author: RySh Vendor Homepage: https://www.cisco.com/ Version:...
Safari - Proxy Object Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Safari Proxy Object Type Confusion', 'Description' = %q This module exploits a type confusion bug in the Javascript Proxy object in WebKit. The D...
UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service (PoC)
Exploit Title: UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service PoC and Pointer to next SEH and SE handler records overwrite Discovery by: Francisco Ramirez Discovery Date: 2018-12-14 Vendor Homepage: https://www.ultraiso.com/ Software Link : https://www.ultraiso.com/download.html Tested...