47904 matches found
Webiness Inventory 2.3 - 'order' SQL Injection
Exploit Title: Webiness Inventory 2.3 - SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://github.com/webiness/webinessinventory Software Link: https://kent.dl.sourceforge.net/project/webinessinventory/2.3/webinessinventory-2.3.zip Version: 2.3 Category...
Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload
Exploit Title: Alive Parish 2.0.4 - SQL Injection / Arbitrary File Upload Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://demo.aliveparish.com Software Link: https://netcologne.dl.sourceforge.net/project/aliveparish/aliveparish-v2.0.zip Version: 2.0.4 Category:...
Silurus Classifieds Script 2.0 - 'wcategory' SQL Injection
Exploit Title: Silurus Classifieds Script 2.0 - SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://snowhall.com/store/silurus/ Software Link: https://netcologne.dl.sourceforge.net/project/silurus/silurus2.0.zip Version: 2.0 Category: Webapps Tested on:...
ClipperCMS 1.3.3 - Cross-Site Request Forgery (File Upload)
Exploit Title: ClipperCMS 1.3.3 File Upload CSRF Vulnerability Date: 2018-11-11 Exploit Author: Ameer Pornillos Website: http://ethicalhackers.club Vendor Homepage: http://www.clippercms.com/ Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper1.3.3 Version: 1.3.3 Tested o...
Gumbo CMS 0.99 - SQL Injection
Exploit Title: Gumbo CMS 0.99 - SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://gumbo-cms.net/ Software Link: https://netix.dl.sourceforge.net/project/gumbo-cms/0.99%20beta/gumbo-0.99beta.zip Version: 0.99 Category: Webapps Tested on:...
TufinOS 2.17 Build 1193 - XML External Entity Injection
Exploit Title: TufinOS 2.17 Build 1193 - XML External Entity Injection Exploit Author: konstantinos Alexiou Date: 2018-10-18 Vendor: https://www.tufin.com Software Link: https://www.tufin.com/tufin-orchestration-suite/securetrack CVE: N/A Category: webapps 1. Description The SecureTrack applicati...
Nominas 0.27 - 'username' SQL Injection
Exploit Title: Nominas 0.27 - 'username' SQL Injection Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: http://arixolab.com/proyecto.html Software Link: https://netix.dl.sourceforge.net/project/nominascrm/Nominas%20v0.27.tar.gz Version: 0.27 Category: Webapps Tested on:...
GPS Tracking System 2.12 - 'username' SQL Injection
Exploit Title: GPS Tracking System 2.12 - 'username' SQL Injection Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/gpstracking/ Software Link: https://kent.dl.sourceforge.net/project/gpstracking/gps.zip Version: 2.12 Category: Webapps Test...
CuteFTP 9.3.0.3 - Denial of Service (PoC)
Exploit Title: CuteFTP 9.3.0.3 - Denial of Service PoC Date: 2018-11-05 Exploit Author: Ismael Nava Vendor Homepage: https://www.globalscape.com/cuteftp Software Link: https://www.globalscape.com/cuteftp Version: 9.3.0.3 Tested on: Windows 10 Home x64 CVE : n/a STEPS Run the python exploit script...
Mongoose Web Server 6.9 - Denial of Service (PoC)
Exploit Title: Mongoose Web Server 6.9 - Denial of Service PoC Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://cesanta.com/binary.html Software Link: https://backend.cesanta.com/cgi-bin/api.cgi?act=dl&os=win Version: 6.9 Category: Dos Tested on: WiN7x64/KaLiLinuXx...
D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery
Exploit Title: D-LINK Central WifiManager CWM-100 - Server-Side Request Forgery Author: John Page aka hyp3rlinx Date: 2018-11-09 Vendor: http://us.dlink.com Product Link: http://us.dlink.com/products/business-solutions/central-wifimanager-software-controller/ Version: Version 1.03 r0098 CVE: N/A...
Easyndexer 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Easyndexer 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/easyndexer/ Software Link: https://ayera.dl.sourceforge.net/project/easyndexer/easyndexerwin32.exe Version: 1.0 Category:...
ServerZilla 1.0 - 'email' SQL Injection
Exploit Title: ServerZilla 1.0 - 'email' SQL Injection Dork: N/A Date: 2018-11-08 Exploit Author: Ihsan Sencan Vendor Homepage: https://serverzilla.sourceforge.io/ Software Link: https://ayera.dl.sourceforge.net/project/serverzilla/ServerZillasrc.zip Version: 1.0 Category: Webapps Tested on:...
Paroiciel 11.20 - 'tRecIdListe' SQL Injection
Exploit Title: Paroiciel 11.20 - 'tRecIdListe' SQL Injection Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.paroiciel.com/ Software Link: https://datapacket.dl.sourceforge.net/project/paroiciel/version%2011/par6lus1120160225.exe Version: 11.20 Category: Webap...
The Don 1.0.1 - 'login' SQL Injection
Exploit Title: The Don 1.0.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://thedon.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/thedon/thedon-1.0b.rar Version: 1.0.1 Category: Webapps Tested on:...
HeidiSQL 9.5.0.5196 - Denial of Service (PoC)
Exploit Title: HeidiSQL 9.5.0.5196 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-11-06 Vendor Homepage: https://www.heidisql.com/ Software Link: https://www.heidisql.com/download.php Tested Version: 9.5.0.5196 Tested on: Windows 10 Single Language x64 / Windows 7 x64...
WordPress Plugin Media File Manager 1.4.2 - Directory Traversal / Cross-Site Scripting
Exploit Title: Wordpress Plugin Media File Manager 1.4.2 - Directory Traversal Date: 2018-05-11 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage: https://wordpress.org/plugins/media-file-manager/ Software Link: https://wordpress.org/plugins/media-file-manager/ Version: 1.4.2 CVE: N/A...
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Date: 2018-11-07 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link:...
Facturation System 1.0 - 'modid' SQL Injection
Exploit Title: Facturation System 1.0 - 'modid' SQL Injection Dork: N/A Date: 2018-11-08 Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/simple-invoice/ Software Link: https://kent.dl.sourceforge.net/project/simple-invoice/simple-invoice-master.zip Version: 1.0 Category:...
Data Center Audit 2.6.2 - 'username' SQL Injection
Exploit Title: Data Center Audit 2.6.2 - 'username' SQL Injection Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/datacenteraudit/ Software Link: https://netix.dl.sourceforge.net/project/datacenteraudit/datacenterauditv262.zip Version: 2.6...
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize = SizeofResourcehMod, res; void dllBuff = LoadResourcehMod, res; HANDLE...
OpenSLP 2.0.0 - Multiple Vulnerabilities
/ | | | / / | . | . | -| | -| | . | ||/ || |||||| | || || 2018-11-07 MORE BUGS IN OPENSLP-2.0.0 ========================== I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June dumpco.re/blog/openslp-2.0.0-double-free, and today I'm disclosing two more. BU...
PlayJoom 0.10.1 - 'catid' SQL Injection
Exploit Title: PlayJoom 0.10.1 - 'catid' SQL Injection Dork: N/A Date: 2018-11-07 Exploit Author: Ihsan Sencan Vendor Homepage: http://playjoom.telgo.info/ Software Link: https://ayera.dl.sourceforge.net/project/playjoom/0.10.1/playjoom-0.10.1-installpackage.zip Version: 0.10.1 Category: Webapps...
FaceTime - 'VCPDecompressionDecodeFrame' Memory Corruption
There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue can be reproduced using the attached sequence of RTP packets. To reproduce the issue: 1 Build video-replay.c...
FaceTime - RTP Video Processing Heap Corruption
There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This issue only affects FaceTime on iOS, it does not cra...
blueimp's jQuery 9.22.0 - (Arbitrary) File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "blueimp's jQuery Arbitrary File Upload", 'Description' = %q This module exploits an arbitrary file upload in the sample PHP upload handler for...
libiec61850 1.3 - Stack Based Buffer Overflow
Exploit Title: libiec61850 1.3 - Stack Based Buffer Overflow Date: 2018-11-06 Exploit Author: Dhiraj Mishra Vendor Homepage: http://libiec61850.com/libiec61850/ Software Link: https://github.com/mz-automation/libiec61850 Version: 1.3 Tested on: Linux 4.15.0-38-generic CVE: CVE-2018-18957...
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on...
Blue Server 1.1 - Denial of Service (PoC)
Exploit Title: Blue Server 1.1 - Denial of Service PoC Dork: N/A Date: 2018-11-02 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mafiatic.org/ Software Link: https://master.dl.sourceforge.net/project/blueserver/Blue-Server-1.1.exe Version: 1.1 Category: Dos Tested on: WiN7x64/KaLiLinuXx...
Morris Worm - sendmail Debug Mode Shell Escape (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Morris Worm sendmail Debug Mode Shell Escape', 'Description' = %q This module exploits sendmail's well-known historical debug mo...
FaceTime - 'readSPSandGetDecoderParams' Stack Corruption
There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root cause is stack corruption. This issue can occur if someone accepts a malicious FaceTime call. To reproduce the...
Grocery crud 1.6.1 - 'search_field' SQL Injection
Exploit Title: Grocery crud 1.6.1 - 'searchfield' SQL Injection Google Dork: n/a Date: 2018-11-05 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: 1.6.1 Tested on: Win10/Kali Linux CVE : 1. Proof of Conce...
Morris Worm - fingerd Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Morris Worm fingerd Stack Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in fingerd on 4.3BSD. This...
eToolz 3.4.8.0 - Denial of Service (PoC)
Exploit Title: eToolz 3.4.8.0 - Denial of Service PoC Dork: N/A Date: 2018-11-03 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.gaijin.at Software Link: https://www.gaijin.at/de/software/etoolz Version: 3.4.8.0 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 Host name / I...
OOP CMS BLOG 1.0 - 'search' SQL Injection
Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0 Category: Webapps Tested on:...
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 2018-11-04 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
Arm Whois 3.11 - Buffer Overflow (SEH)
Exploit Title: Arm Whois 3.11 - Buffer Overflow SEH Date: 2018-11-05 Exploit Author: Yair Rodríguez Aparicio 0-day DoS exploit, Semen Alexandrovich Lyhin 1-day fully working exploit Vendor Homepage: http://www.armcode.com/ Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.1...
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP, LibreHealth 2.0.0 LibreHealth is the 'fork' of the OpenEMR...
OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection
Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Date: 2018-11-05 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link: https://sourceforge.net/projects/bigchef/files/latest/download...
VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service (PoC)
Exploit Title: VSAXESS V2.6.2.70 build20171226053 - 'organization' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-11-05 Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link: https://www.visionistech.com/en/vsaxess-desktop-software/ Tested Version:...
Voovi Social Networking Script 1.0 - 'user' SQL Injection
Exploit Title: Voovi Social Networking Script 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.adminspoint.com/voovi/index.php Software Link: https://netix.dl.sourceforge.net/project/voovi/voovi%20a%20social%20networking%20script.zip...
LiquidVPN 1.36 / 1.37 - Privilege Escalation
/ ======================================================================= Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE IDs: CVE-2018-18856, CVE-2018-18857, CVE-2018-18858, CVE-2018-18859 Impact: Critical Homepage...
Softros LAN Messenger 9.2 - Denial of Service (PoC)
Exploit Title: Softros LAN Messenger 9.2 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-11-02 Vendor Homepage: https://messenger.softros.com/ Software Link: https://messenger.softros.com/downloads/ Tested Version: 9.2 Tested on: Windows 10 Single Language x64 / Window...
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Date: 2018-11-02 Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link: http://downloadt.advantech.com/download/downloadsr.aspx?FileId=1-1MDG1BH Version: 8.3.2 Tested on:...
Microsoft Internet Explorer 11 - Null Pointer Dereference
Exloit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134.0 Update Versions: 11.0.90 KB4462949 11.1387.15063.0 Upda...
Mongo Web Admin 6.0 - Information Disclosure
Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link: https://netix.dl.sourceforge.net/project/mongo-web-admin/mongoDesktopAdminSetup-beta-6.exe Version: 6.0 Category: Webapps...
PHP Proxy 3.0.3 - Local File Inclusion
Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Date: 04.11.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version: v3.0.3 Category: Webapps Tested on: XAMP...
Royal TS/X - Information Disclosure
RoyalTS/X Exploit var wsUri = "ws://127.0.0.1:54890/"; var output; function init output = document.getElementById"output"; testWebSocket; function testWebSocket writeToScreen"Let's retrieve some data..."; websocket = new WebSocketwsUri; websocket.onopen = functionevt...
WebVet 0.1a - 'id' SQL Injection
Exploit Title: WebVet 0.1a - 'id' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service PoC Google Dork: N/A Date: 2018-11-03 Exploit Author: Ross Inman Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers Software Link: N/A Version: Virgin Media Hub 3.0 Tested on: Linux CVE ...