47884 matches found
WebKit JIT - 'ByteCodeParser::handleIntrinsicCall' Type Confusion
/ case ArrayPushIntrinsic: ... if (static_cast<unsigned>(argumentCountIncludingThis) >= MIN_SPARSE_ARRAY_INDEX) return false; ArrayMode arrayMode = getArrayMode(m_currentInstruction[OPCODE_LENGTH(op_call) - 2].u.arrayProfile, Array::Write); ... This code always assumes that the current instruction is an op_call instruction...
PHP imap_open - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'php imap_open Remote Code Execution', 'Description' = %q The imap_open function within php, if called without the /norsh flag, will attempt to...
TeamCity Agent - XML-RPC Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TeamCity Agent XML-RPC Command Execution', 'Description' = %q This module allows remote code execution on TeamCity Agents configured to use...
WebKit JSC JIT - 'JSPropertyNameEnumerator' Type Confusion
/ When a for-in loop is executed, a JSPropertyNameEnumerator object is created at the beginning and used to store the information of the input object to the for-in loop. Inside the loop, the structure ID of the "this" object of every get_by_id expression taking the loop variable as the index is...
Netgear Devices - (Unauthenticated) Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Netgear Devices Unauthenticated Remote Command Execution', 'Description' = %q From the CVE-2016-1555 page: 1 boardData102.php, 2 boardData103.php...
Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal
Exploit Title: Zyxel VMG1312-B10D 5.13AAXA.8 - Directory Traversal Date: 2018-11-17 Exploit Author: numan türle Vendor Homepage: https://www.zyxel.com/ Software Link: https://www.zyxel.com/productsservices/Wireless-N-VDSL2-4-port-Gateway-with-USB-VMG1312-B10D/ Tested on: macOS Fixed firmware:...
ELBA5 5.8.0 - Remote Code Execution
Exploit Title: ELBA5 5.8.0 - Remote Code Execution Date: 2018-11-16 Exploit Author: Florian Bogner Vendor Homepage: https://www.elba.at Vulnerable Software: https://www.elba.at/eBusiness/01template1/1206507788612244132-12065155957890496571206515641959948315-1292519691128454196-NA-38-NA.html...
Xorg X11 Server - SUID privilege escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xorg X11 Server SUID privilege escalation', 'Description' = %q This module attempts to gain root privileges with SUID Xorg X11 server versions...
Arm Whois 3.11 - Buffer Overflow (ASLR)
Exploit Title: Arm Whois 3.11 - Buffer Overflow ASLR Google Dork: if applicable Date: 23/11/2018 Exploit Author: zephyr Vendor Homepage: http://www.armcode.com Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows Vista Ultimate SP1 x86 unpatched CVE : nSE...
MariaDB Client 10.1.26 - Denial of Service (PoC)
Exploit Title: MariaDB Client 10.1.26 - Denial of Service PoC Google Dork: None Date: 2018-11-16 Exploit Author: strider Software Link: https://github.com/MariaDB/server Version: mysql Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu x86_64 using readline 5.2 Tested on: Debian 9 Stretch x64 ...
Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials
Exploit Title: Ricoh myPrint 2.9.2.4 - Hard-Coded Credentials Google Dork: intitle:"ricoh myprint" "Copyright Ricoh. All Rights Reserved" Date: 2018-11-19 Exploit Author: Hodorsec Vendor Homepage: https://www.ricoh.com Software Link:...
WordPress Plugin Easy Testimonials 3.2 - Cross-Site Scripting
Exploit Title: Wordpress Plugins Easy Testimonials 3.2 - Cross-Site Scripting Date: 2018-11-23 Exploit Author: Endust Vendor Homepage: https://wordpress.org/plugins/easy-testimonials/ Software Link: https://wordpress.org/plugins/easy-testimonials/ Version: 3.2 CVE : N/A Tested on: Windows 10 x64...
No-Cms 1.0 - 'order_by' SQL Injection
Exploit Title: No-Cms 1.0 - 'order_by' SQL Injection Date: 2018-11-28 Exploit Author: Loading Kura Kura Vendor Homepage: https://github.com/goFrendiAsgard/No-CMS Software Link: https://codeload.github.com/goFrendiAsgard/No-CMS/zip/master Tested on: Win10/Kali Linux Google Dork: n/a Version: n/a CV...
Ticketly 1.0 - 'kind_id' SQL Injection
Exploit Title: Ticketly 1.0 – Multiple SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version:...
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (cron Method)
#!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47164.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses crontab technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.cron.sh Compiling... Writing payload...
Ticketly 1.0 - 'name' SQL Injection
Exploit Title: Ticketly 1.0 – 'name' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql Affected Version: 1...
WebOfisi E-Ticaret V4 - 'urun' SQL Injection
Exploit Title: WebOfisi E-Ticaret V4 - 'urun' SQL Injection Date: 2018-11-21 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.web-ofisi.com Software Demo: http://demobul.net/eticaretv4/ Software Link:...
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Title: Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Author: Gjoko 'LiquidWorm' Krstic @zeroscience Exploit Date: 2018-11-17 Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0801DU HW6.0 BL1.5 FW7.23 WF7.4 Tested on:...
Linux Kernel 4.15.x < 4.19.2 - 'map_write() CAP_SYS_ADMIN' Local Privilege Escalation (ldpreload Method)
#!/bin/sh EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47166.zip wrapper for Jann Horn's exploit for CVE-2018-18955 uses ld.so.preload technique --- test@linux-mint-19-2:/kernel-exploits/CVE-2018-18955$ ./exploit.ldpreload.sh Compiling... Addi...
WordPress Theme CherryFramework 3.1.4 - Backup File Download
Exploit Title: Wordpress CherryFramework Themes 3.1.4 - Backup File Download Google Dork: inurl:/wp-content/themes/CherryFramework Date: 2018-11-17 Exploit Author: b1p0l4r Vendor Homepage: http://www.cherryframework.com/ Software Link: http://www.cherryframework.com/ Version: 3.x.x 3.1.4 Tested o...
Ticketly 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Ticketly 1.0 - Cross-Site Request Forgery Add Admin Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-11-19 Google Dork: N/A Vendor: Abisoft https://abisoftgt.net Software Link: https://abisoftgt.net/software/6/sistema-de-tickets-y-soporte-con-php-y-mysql...
Microsoft Windows - DfMarshal Unsafe Unmarshaling Privilege Escalation
Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege Master Platform: Windows 10 1803 not tested earlier, although code looks similar on Win8+ Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal unmarshaler. I’m reporting multiple, non-exhaustive, issues...
Apple macOS 10.13 - 'workq_kernreturn' Denial of Service (PoC)
/ Exploit Title: MacOS 10.13 - 'workq_kernreturn' Denial of Service PoC Date: 2018-07-30 Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned Tweet: https://twitter.com/anoane/status/1048549170217451520...
ImageMagick - Memory Leak
#!/bin/bash help echo "Usage poc generator: basename $0 gen WIDTHxHEIGHT NAME.xbm minimal" echo " Example gen: basename $0 gen 512x512 poc.xbm" echo "Usage result recovery: basename $0 recover SAVEDPREVIEW.png|jpeg|gif|etc" echo " Example recovery: basename $0 recover avatar.png" if "$1" == "-h" ;...
XMPlay 3.8.3 - '.m3u' Denial of Service (PoC)
Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Date: 2018-11-18 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows XP/7/8 CVE : N/A Launch XMPlay and either drag...
HTML Video Player 1.2.5 - Buffer-Overflow (SEH)
Exploit Title: HTML Video Player 1.2.5 - Buffer-Overflow SEH Author: Kağan Çapar Discovery Date: 2018-11-16 Software Link: http://www.html5videoplayer.net/html5videoplayer-setup.exe Vendor Homepage : http://www.html5videoplayer.net Tested Version: 1.2.5 Tested on OS: Windows XP SP3 ENG Steps to...
Microsoft Edge Chakra - OP_Memset Type Confusion
/ Since the patch for CVE-2018-8372, it checks all inputs to native arrays, and if any input equals to the MissingItem value which can cause type confusion, it starts the bailout process. But it doesn't check the "value" argument to OP_Memset. This can be exploited in the same way as for issue 158...
Linux - Broken uid/gid Mapping for Nested User Namespaces
commit 6397fac4915a "userns: bump idmap limits to 340" increases the number of possible uid/gid mappings that a namespace can have from 5 to 340. This is implemented by switching to a different data structure if the number of mappings exceeds 5: Instead of linear search over an unsorted array of...
Easy Outlook Express Recovery 2.0 - Denial of Service (PoC)
Exploit Title: Easy Outlook Express Recovery 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyOutlookExpressRecovery/ Software Link:...
DomainMOD 4.11.01 - 'raid' Cross-Site Scripting
Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-09 Exploit Author: Dawood Ansar Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 to v4.11.01 CVE : CVE-2018-19136 A Reflected Cross-site scripti...
Helpdezk 1.1.1 - Arbitrary File Upload
Exploit Title: Helpdezk 1.1.1 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.helpdezk.org/ Software Link: https://netcologne.dl.sourceforge.net/project/helpdezk/helpdezk-1.1.1.zip Version: 1.1.1 Category: Webapps Tested on:...
Mumsoft Easy Software 2.0 - Denial of Service (PoC)
Exploit Title: Mumsoft Easy Software 2.0 - Denial of Service PoC Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.munsoft.com/EasyRARRecovery/ Software Link:...
Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection
Exploit Title: Warranty Tracking System 11.06.3 - 'txtCustomerCode' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://warrantytrack.org/ Software Link: https://kent.dl.sourceforge.net/project/warrantytrack/warrantytrack%20Rel.11.06.3.zip Version: 11.06....
EverSync 0.5 - Arbitrary File Download
Exploit Title: EverSync 0.5 - Arbitrary File Download Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://datapacket.dl.sourceforge.net/project/eversync/Downloads/alpha/EverSync-Pre-alpha05.zip Version: 0.5 Category:...
PHP Mass Mail 1.0 - Arbitrary File Upload
Exploit Title: PHP Mass Mail 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://phpmassmail.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/phpmassmail/phpmassmail/1.0.0/phpmassmail.zip Version: 1.0 Category: Webapp...
Kordil EDMS 2.2.60rc3 - Arbitrary File Upload
Exploit Title: Kordil EDMS 2.2.60rc3 - Arbitrary File Upload Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.kordil.net/ Software Link: https://vorboss.dl.sourceforge.net/project/kordiledms/Kordil%20EDMS%20v2.2.60rc3/kordiledmsinstaller.exe Version: 2.2.60rc3...
PHP-Proxy 5.1.0 - Local File Inclusion
Exploit Title: PHP-Proxy 5.1.0 - Local File Inclusion Date: 2018-11-13 Exploit Author: Ameer Pornillos Contact: https://ethicalhackers.club Vendor Homepage: https://www.php-proxy.com/ Software Link: https://www.php-proxy.com/download/php-proxy.zip Version: 5.1.0 Category: Webapps Tested on: XAMPP...
Simple E-Document 1.31 - 'username' SQL Injection
Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m Software Link:...
2-Plan Team 1.0.4 - Arbitrary File Upload
Exploit Title: 2-Plan Team 1.0.4 - Arbitrary File Upload Dork: N/A Date: 2018-11-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://2-plan.com/ Software Link: https://datapacket.dl.sourceforge.net/project/to-plan-team/1.1.0/2-plan-team.tgz Version: 1.0.4 Category: Webapps Tested on:...
Notepad3 1.0.2.350 - Denial of Service (PoC)
Exploit Title: Notepad3 1.0.2.350 - Denial of Service PoC Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.rizonesoft.com/ Software Link: https://netix.dl.sourceforge.net/project/notepad3/Notepad3%20Build%20350/Notepad3-1.0.2.350.exe Software Link:...
Meneame English Pligg 5.8 - 'search' SQL Injection
Exploit Title: Meneame English Pligg 5.8 - 'search' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/meneame-english/ Software Link: https://master.dl.sourceforge.net/project/meneame/meneame/Beta%205.8/PliggBeta5.8.rar Version...
Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection
Exploit Title: Galaxy Forces MMORPG 0.5.8 - 'type' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://galaxy.alyx.pl/ Software Link: https://excellmedia.dl.sourceforge.net/project/galaxyforces/galaxy/0.5.8/galaxy-0.5.8.7z Version: 0.5.8 Category: Webapps...
Precurio Intranet Portal 2.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Precurio Intranet Portal 2.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.precurio.org Software Link: https://netcologne.dl.sourceforge.net/project/precurio/version%202.1/precurio.zip Version: 2.0 Categor...
BitZoom 1.0 - 'rollno' SQL Injection
Exploit Title: BitZoom 1.0 - 'rollno' SQL Injection Dork: N/A Date: 2018-11-14 Exploit Author: Ihsan Sencan Vendor Homepage: https://bitzoom.sourceforge.io/ Software Link: https://excellmedia.dl.sourceforge.net/project/bitzoom/bitzoom-master.zip Version: 1.0 Category: Webapps Tested on:...
WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting
Exploit Title: WordPress Plugin Ninja Forms 3.3.17 - Cross-Site Scripting Date: 2018-11-15 Exploit Author: MTK Vendor Homepage: https://ninjaforms.com Software Link: https://wordpress.org/plugins/ninja-forms/ Version: Up to V3.3.17 Tested on: Debian 9 - Apache2 - Wordpress 4.9.8 - Firefox CVE :...
Net-Billetterie 2.9 - 'login' SQL Injection
Exploit Title: Net-Billetterie 2.9 - 'login' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://net-billetterie.tuxfamily.org/ Software Link: https://netix.dl.sourceforge.net/project/netbilletterie/Netbilletterie2.9.zip Version: 2.9 Category: Webapps...
AMPPS 2.7 - Denial of Service (PoC)
Exploit Title: AMPPS 2.7 - Denial of Service PoC Dork: N/A Date: 2018-11-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.ampps.com/ Software Link: https://kent.dl.sourceforge.net/project/ampps/2.7/Ampps-2.7-setup.exe Version: 2.7 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Dell OpenManage Network Manager 6.2.0.51 SP3 - Multiple Vulnerabilities
''' KL-001-2018-009 : Dell OpenManage Network Manager Multiple Vulnerabilities Title: Dell OpenManage Network Manager Multiple Vulnerabilities Advisory ID: KL-001-2018-009 Publication Date: 2018.11.05 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2018-009.txt 1...
Rmedia SMS 1.0 - SQL Injection
Exploit Title: Rmedia SMS 1.0 - SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://sms.rmediaindia.com/ Software Link: https://master.dl.sourceforge.net/project/rmediasms/rmediasms.rar Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
Atlassian Jira - (Authenticated) Upload Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Jira Authenticated Upload Code Execution', 'Description' = %q This module can be used to execute a payload on Atlassian Jira via the...