GPS Tracking System 2.12 - 'username' SQL Injection
Exploit Title: GPS Tracking System 2.12 - 'username' SQL Injection Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/gpstracking/ Software Link: https://kent.dl.sourceforge.net/project/gpstracking/gps.zip Version: 2.12 Category: Webapps Test...
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
#include "stdafx.h" #include <windows.h> #include "resource.h" void DropResource(const wchar_t* rsrcName, const wchar_t* filePath) { HMODULE hMod = GetModuleHandle(NULL); HRSRC res = FindResource(hMod, MAKEINTRESOURCE(IDR_RDATA1), rsrcName); DWORD dllSize = SizeofResource(hMod, res); void* dllBuff = LoadResource(hMod, res); HANDLE...
PlayJoom 0.10.1 - 'catid' SQL Injection
Exploit Title: PlayJoom 0.10.1 - 'catid' SQL Injection Dork: N/A Date: 2018-11-07 Exploit Author: Ihsan Sencan Vendor Homepage: http://playjoom.telgo.info/ Software Link: https://ayera.dl.sourceforge.net/project/playjoom/0.10.1/playjoom-0.10.1-installpackage.zip Version: 0.10.1 Category: Webapps...
OpenSLP 2.0.0 - Multiple Vulnerabilities
2018-11-07 MORE BUGS IN OPENSLP-2.0.0 ========================== I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June dumpco.re/blog/openslp-2.0.0-double-free, and today I'm disclosing two more. BU...
FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root cause is stack corruption. This issue can occur if someone accepts a malicious FaceTime call. To reproduce the...
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Morris Worm sendmail Debug Mode Shell Escape', 'Description' = %q This module exploits sendmail's well-known historical debug mo...
OOP CMS BLOG 1.0 - 'search' SQL Injection
Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on:...
Arm Whois 3.11 - Buffer Overflow (SEH)
Exploit Title: Arm Whois 3.11 - Buffer Overflow (SEH) Date: 2018-11-05 Exploit Author: Yair Rodríguez Aparicio (0-day DoS exploit), Semen Alexandrovich Lyhin (1-day fully working exploit) Vendor Homepage: http://www.armcode.com/ Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.1...
libiec61850 1.3 - Stack Based Buffer Overflow
Exploit Title: libiec61850 1.3 - Stack Based Buffer Overflow Date: 2018-11-06 Exploit Author: Dhiraj Mishra Vendor Homepage: http://libiec61850.com/libiec61850/ Software Link: https://github.com/mz-automation/libiec61850 Version: 1.3 Tested on: Linux 4.15.0-38-generic CVE: CVE-2018-18957...
Grocery crud 1.6.1 - 'search_field' SQL Injection
Exploit Title: Grocery crud 1.6.1 - 'search_field' SQL Injection Google Dork: n/a Date: 2018-11-05 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: 1.6.1 Tested on: Win10/Kali Linux CVE : 1. Proof of Conce...
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP, LibreHealth 2.0.0 LibreHealth is the 'fork' of the OpenEMR...
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue can be reproduced using the attached sequence of RTP packets. To reproduce the issue: 1 Build video-replay.c...
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
Exploit Title: VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC) Discovery by: Diego Santamaria Discovery Date: 2018-11-05 Vendor Homepage: https://www.visionistech.com/en/home/ Software Link: https://www.visionistech.com/en/vsaxess-desktop-software/ Tested Version:...
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Morris Worm fingerd Stack Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in fingerd on 4.3BSD. This...
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on...
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Date: 2018-11-05 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link: https://sourceforge.net/projects/bigchef/files/latest/download...
FaceTime - RTP Video Processing Heap Corruption
There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not cra...
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "blueimp's jQuery Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload in the sample PHP upload handler for...
eToolz 3.4.8.0 - Denial of Service (PoC)
Exploit Title: eToolz 3.4.8.0 - Denial of Service PoC Dork: N/A Date: 2018-11-03 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.gaijin.at Software Link: https://www.gaijin.at/de/software/etoolz Version: 3.4.8.0 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 Host name / I...
Blue Server 1.1 - Denial of Service (PoC)
Exploit Title: Blue Server 1.1 - Denial of Service PoC Dork: N/A Date: 2018-11-02 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mafiatic.org/ Software Link: https://master.dl.sourceforge.net/project/blueserver/Blue-Server-1.1.exe Version: 1.1 Category: Dos Tested on: WiN7x64/KaLiLinuXx...
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
Exploit Title: CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution Date: 2018-11-04 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
SiAdmin 1.1 - 'id' SQL Injection
Exploit Title: SiAdmin 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.bubul.net/ Software Link: https://kent.dl.sourceforge.net/project/siadmin/SiAdmin%201.1/SiAdmin%201.1.zip Version: 1.1 Category: Webapps Tested on:...
WebVet 0.1a - 'id' SQL Injection
Exploit Title: WebVet 0.1a - 'id' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Royal TS/X - Information Disclosure
RoyalTS/X Exploit var wsUri = "ws://127.0.0.1:54890/"; var output; function init() { output = document.getElementById("output"); testWebSocket(); } function testWebSocket() { writeToScreen("Let's retrieve some data..."); websocket = new WebSocket(wsUri); websocket.onopen = function(evt)...
LiquidVPN 1.36 / 1.37 - Privilege Escalation
/ ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE IDs: CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859 Impact: Critical Homepage...
Softros LAN Messenger 9.2 - Denial of Service (PoC)
Exploit Title: Softros LAN Messenger 9.2 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-11-02 Vendor Homepage: https://messenger.softros.com/ Software Link: https://messenger.softros.com/downloads/ Tested Version: 9.2 Tested on: Windows 10 Single Language x64 / Window...
Voovi Social Networking Script 1.0 - 'user' SQL Injection
Exploit Title: Voovi Social Networking Script 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.adminspoint.com/voovi/index.php Software Link: https://netix.dl.sourceforge.net/project/voovi/voovi%20a%20social%20networking%20script.zip...
PHP Proxy 3.0.3 - Local File Inclusion
Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Date: 04.11.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version: v3.0.3 Category: Webapps Tested on: XAMP...
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Exploit Title: Poppy Web Interface Generator 0.8 - Arbitrary File Upload Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://poppy.dc-development.de/ Software Link: https://master.dl.sourceforge.net/project/poppy-beta-rc/poppy0.8betarc.zip Version: 0.8 Category: Webapp...
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Date: 2018-11-02 Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link: http://downloadt.advantech.com/download/downloadsr.aspx?FileId=1-1MDG1BH Version: 8.3.2 Tested on:...
Microsoft Internet Explorer 11 - Null Pointer Dereference
Exploit Title: Microsoft Internet Explorer 11 - Null Pointer Dereference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0 Update Versions: 11.0.90 KB4462949 11.1387.15063.0 Upda...
Mongo Web Admin 6.0 - Information Disclosure
Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe Version: 6.0 Category: Webapps...
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service PoC Google Dork: N/A Date: 2018-11-03 Exploit Author: Ross Inman Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers Software Link: N/A Version: Virgin Media Hub 3.0 Tested on: Linux CVE ...
Gate Pass Management System 2.1 - 'login' SQL Injection
Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link: https://netcologne.dl.sourceforge.net/project/gatepass/gpmsUpdate.zip Version: 2.1 Category: Webapps Tested on:...
Jelastic 5.4 - 'host' SQL Injection
Exploit Title: Jelastic 5.4 - 'host' SQL injection Google Dork: N/A Date: date Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application /1.0/users/authentication/rest/signin is vulnerab...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on: Microsoft Windows 7 Professional SP1 EN CVE: N/...
Zint Barcode Generator 2.6 - Denial of Service (PoC)
Exploit Title: Zint Barcode Generator 2.6 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.zint.org.uk Software Link: https://sourceforge.net/projects/zint/files/latest/download Version: 2.6 Category: Dos Tested on: WiN7x64/KaLiLinuXx64...
Intel (Skylake / Kaby Lake) - 'PortSmash' CPU SMT Side-Channel
Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading is the only requirement. This exploit code should work out of the box on Skylake and Kaby Lake. For other SMT architectures,...
Fantastic Blog CMS 1.0 - 'id' SQL Injection
Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Ronald%20Ronnie/fantasticblog0.zip...
Yot CMS 3.3.1 - 'aid' SQL Injection
Exploit Title: Yot CMS 3.3.1 - 'aid' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://yot.sourceforge.io/ Software Link: https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip Version: 3.3.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
WinMTR 0.91 - Denial of Service (PoC)
Exploit Title: WinMTR 0.91 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://winmtr.net Software Link: http://winmtr.net/winmtrdownload/ Version: 0.91 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 Host: Payload !/usr/bin/python...
CdCatalog 2.3.1 - Denial of Service (PoC)
Exploit Title: CdCatalog 2.3.1 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://cdcat.sourceforge.net Software Link: https://netcologne.dl.sourceforge.net/project/cdcat/cdcat/cdcat-2.3.1/cdcat-2.3.1.tar.bz2 Version: 2.3.1 Category: Dos Tested...
qdPM 9.1 - 'filter_by' SQL Injection
Exploit Title: qdPM 9.1 - 'filter_by' SQL Injection Date: 2018-11-01 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1 Category: Webapps Tested on: XAMPP for...
Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)
Exploit Title: Artha The Open Thesaurus 1.0.3.0 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://artha.sourceforge.net Software Link: https://netcologne.dl.sourceforge.net/project/artha/artha/1.0.3/artha1.0.3.0.exe Version: 1.0.3.0 Category:...
WebDrive 18.00.5057 - Denial of Service (PoC)
Exploit Title: WebDrive 18.00.5057 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-10-31 Vendor Homepage: https://webdrive.com/ Software Link: https://webdrive.com/download/ Tested Version: 18.00.5057 Tested on: Windows 10 Single Language x64 Steps to produce the crash...
Arm Whois 3.11 - Denial of Service (PoC)
Exploit Title: Arm Whois 3.11 - Denial of Service PoC Date: 2018-10-31 Exploit Author: Yair Rodríguez Aparicio Vendor Homepage: http://www.armcode.com/ Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows XP Profesional Español SP3 x86 Steps to Produce th...
WordPress Plugin GoURL.io < 1.4.14 - File Upload
Shell link...
SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)
Exploit Title: SmartFTP Client 9.0.2615.0 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-10-30 Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Tested Version: 9.0.2615.0 Tested on: Windows 10 Single Language x64...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can store JavaScript code that can for...
South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection
Exploit Title: South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/janobe/southgateinn0.zip...