47885 matches found
KORA 2.7.0 - 'cid' SQL Injection
Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
NoMachine < 5.3.27 - Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: indoushka | Eduardo Vendor www.nomachine.com Product NoMachine / hyp3rlinx / / gcc -c -m32...
LUYA CMS 1.0.12 - Cross-Site Scripting
Exploit Title: LUYA CMS 1.0.12 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://luya.io/ Software Link : https://github.com/luyadev/luya/ Software : LUYA CMS Version : 1.0.12 Vulnerability Type : Cross-site Scripting Vulnerability : Stored XSS CVE :...
Phoenix Contact WebVisit 2985725 - Authentication Bypass
Exploit Title: Phoenix Contact WebVisit 2985725 - Authentication Bypass Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link: https://www.phoenixcontact.com/online/portal/nl/?uri=pxc-oc-itemdetail:pid=2985725&library=nlnl&pcck=P-19-05-01&tab=5 Version...
CAMALEON CMS 2.4 - Cross-Site Scripting
Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulnerability Type : Cross-site Scripting...
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...
D-Link Routers - Directory Traversal
Directory Traversal CVE: CVE-2018-10822 CVSS v3: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Description: Directory traversal vulnerability in the web interface on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912...
D-Link Routers - Command Injection
Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably...
HaPe PKH 1.1 - Arbitrary File Upload
Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
D-Link Routers - Plaintext Password
Password stored in plaintext CVE: CVE-2018-10824 Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, DWR-111 through 1.01, and probably...
SugarCRM 6.5.26 - Cross-Site Scripting
Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version: 6.5.26 Tested on: Ubuntu 16.04 CVE :...
HaPe PKH 1.1 - 'id' SQL Injection
Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC...
Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection
Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Previe...
WAGO 750-881 01.09.18 - Cross-Site Scripting
Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting Date: 2018-08-30 Exploit Author: SecuNinja @secuninja Vendor Homepage: wago.com Version: 01.09.1813 and earlier Affected Products: Ethernet Controller 750-881 - 01.09.1813, 01.08.01 10 CVE : N/A Description WAGO 750-881 Ethernet Controll...
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview 4 CVE:...
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The code in...
Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection
Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software: SQL Server Management Studio 17.9 and SQL Server Management Studio 18.0 Preview...
Wikidforum 2.20 - Cross-Site Scripting
Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download Version:...
E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection
Exploit Title: E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-11 Vendor Homepage: https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/ Software Link:...
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Date: 2018-09-30 Vendor Homepage: www.phoenixcontact.com Software Link: https://www.phoenixcontact.com/online/portal/nl/?uri=pxc-oc-itemdetail:pid=2985725&library=nlnl&pcck=P-19-05-01&tab=5 Version:...
WhatsApp - RTP Processing Heap Corruption
Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet. 08-31 15:43:50.721 9428 9713 F libc : Fatal signal 11 SIGSEGV, code 1, fault addr 0x7104200000 in tid 9713 Thread-11 08-31 15:43:50.722 382 382 W : debuggerd: handling request: pid=9428 uid=10119...
FileZilla 3.33 - Buffer Overflow (PoC)
Exploit Title: FileZilla 3.33 Buffer-Overflow PoC Author: Kağan Çapar Discovery Date: 2018-10-10 Software Link: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/filezilla/3.33.0-1/filezilla3.33.0-1.debian.tar.xz Vendor Homepage : https://filezilla-project.org Tested Version: 3.33 Tested...
MicroTik RouterOS < 6.43rc3 - Remote Root
Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on: RouterOS Various CVE : CVE-2018-14847 By...
Ektron CMS 9.20 SP2 - Improper Access Restrictions
Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CWE-284 Description ================ Ektr...
Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow (SEH) (DEP Bypass)
Exploit Title: Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow SEH DEP Bypass Date: 2018-10-08 Exploit Author: Matteo Malvica Vendor: Cleanersoft Software Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested Version: 2.8 Tested on OS: Windows 7 -...
Microsoft Edge Chakra JIT - Type Confusion
The switch statement only handles Js::TypeIds_Array but not Js::TypeIds_NativeIntArray and Js::TypeIds_NativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances where "objValueType.IsLikelyArrayOrObjectWithArray" is not...
ifwatchd - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ifwatchd Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the...
Wikidforum 2.20 - 'message_id' SQL Injection
Exploit Title: Wikidforum 2.20 - 'message_id' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-09 Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link: https://sourceforge.net/projects/wikidforum/files/Wikidforum-com-ed.2.20.zip/download...
Delta Electronics Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Delta Electronics Delta Industrial Automation COMMGR 1.08 Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer...
Microsoft Edge Chakra JIT - 'BailOutOnInvalidatedArrayHeadSegment' Check Bypass
The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check which means that no bailout will happen. The...
Seqrite End Point Security 7.4 - Privilege Escalation
Exploit Title: Seqrite End Point Security 7.4 - Privilege Escalation Date: 2018-09-13 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.seqrite.com/ Tested on: Windows 7 Enterprise SP1 x64 CVE: CVE-2018-17775 Description: Seqrite End Point Security v7.4 installs by defaul...
ghostscript - executeonly Bypass with errorhandler Setup
While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc. Additionally, because nautilus will automatically invoke...
Wikidforum 2.20 - 'select_sort' SQL Injection
Exploit Title: Wikidforum 2.20 - 'select_sort' SQL Injection Date: 2018-10-08 Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes)
Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes). Shellcode exploit for Linux/x86 platform. Title: Linux/x86 - execve(/bin/sh) + MMX/ROT13/XOR Shellcode (Encoder/Decoder) (104 bytes) Author: Kartik Durg Date: 2018-10-04 Shellcode Length: 104 BYTES Student-ID: SLAE-1233 Write-u...
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes)
Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes). Shellcode exploit for Linux/MIPS platform. Linux/MIPS (Big Endian) - execve(/bin/sh) + Reverse TCP 192.168.2.157/31337 Shellcode (181 bytes) Author: cq674350529 Date: 2018-10-07 - execve('/bin/sh'), tcp -...
Unitrends UEB - HTTP API Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unitrends UEB http api remote code execution', 'Description' = %q It was discovered that the api/storage web interface in Unitrends Backup UB...
Android - sdcardfs Changes current->fs Without Proper Locking
Tested on a Pixel 2 walleye: ro.build.abupdate: true ro.build.characteristics: nosdcard ro.build.date: Mon Jun 4 22:10:18 UTC 2018 ro.build.date.utc: 1528150218 ro.build.description: walleye-user 8.1.0 OPM2.171026.006.G1 4820017 release-keys ro.build.display.id: OPM2.171026.006.G1...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0, Websocket/13 RFC 6455 Affected firmware version: V1.01-0bb5b27...
Microsoft Windows - Net-NTLMv2 Reflection DCOM/RPC (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows Net-NTLMv2 Reflection DCOM/RPC', 'Description' = %q Module utilizes the Net-NTLMv2...
Imperva SecureSphere 13 - Remote Command Execution
Title: Imperva SecureSphere 13 - Remote Command Execution Author: rsp3ar Date: 2018-10-08 Vendor: https://www.imperva.com/products/securesphere/ CVE: N/A Version: 13.0.10, 13.1.10, 13.2.10 Tested on: SecureSphere Virtual Appliance Description PWS is a component in SecureSphere v13, which consists...
Linux - Kernel Pointer Leak via BPF
/ Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if srcreg-type != SCALARVALUE if dstreg-type != SCALARVALU...
Navigate CMS - (Unauthenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Navigate CMS Unauthenticated Remote Code Execution', 'Description' = %q This module exploits insufficient sanitization in the database::protect...
net-snmp 5.7.3 - (Unauthenticated) Denial of Service (PoC)
Exploit Title: net-snmp 5.7.3 - Unauthenticated Denial of Service PoC Date: 2018-10-08 Exploit Author: Magnus Klaaborg Stubman Website: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos Vendor Homepage: http://www.net-snmp.org/ Software Link:...
360 3.5.0.1033 - Sandbox Escape
360 3.5.0.1033 - Sandbox Escape. Local exploit for Windows platform Exploit Title: 360 3.5.0.1033 - Sandbox Escape Date: 2018-10-08 Exploit Author: vrsystem Vendor Homepage: https://www.360.cn/ Software Link: https://dl.360safe.com/360/inst.exe Version: 3.5.0.1033 Tested on: 3.5.0.1033 CVE : None...
net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
2018-10-08 NET-SNMP REMOTE DOS =================== Second bug is remotely exploitable only with knowledge of the community string (in this case "public"), leading to Denial of Service: echo -n...
Zahir Enterprise Plus 6 - Stack Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Zahir Enterprise Plus 6 Stack Buffer Overflow", 'Description' = %q This module exploits a stack buffer overflow in Zahir Enterprise Plus version ...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
Exploit Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: https://www.flir.com Link: https://www.flir.com/security/best-practices-for-cybersecurity/ CVE: N/A Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS:...
Git Submodule - Arbitrary Code Execution (PoC)
These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the supplied .gitmodules file for a URL field an...
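The excerpt above is cut off before it says what the fixed releases reject: submodule entries whose url (or path) value begins with a dash, which an unpatched recursive clone hands to the child `git clone` as an option instead of a URL. As an added example (not part of the Git advisory or of Git's own code), the scanner below parses a `.gitmodules` file and flags such entries so a checkout can be inspected before `--recurse-submodules` is run against it. The sample `.gitmodules` text is constructed for the demonstration; the submodule names and URLs in it are placeholders.

```python
"""Flag .gitmodules entries whose url or path begins with a dash.

Added example for the CVE-2018-17456 listing; not Git's own code.
A dash-prefixed value is the option-injection pattern that patched Git
refuses, so any hit here should be treated as hostile.
"""
import re

# Constructed sample: one benign submodule, one carrying a dash-prefixed
# url and one carrying a dash-prefixed path. Names and URLs are placeholders.
SAMPLE_GITMODULES = """\
[submodule "lib/good"]
\tpath = lib/good
\turl = https://example.invalid/good.git
[submodule "lib/evil-url"]
\tpath = lib/evil-url
\turl = -u./run-me
[submodule "lib/evil-path"]
\tpath = --some-option
\turl = https://example.invalid/other.git
"""

SECTION_RE = re.compile(r'^\s*\[submodule\s+"([^"]+)"\]\s*$')
KEY_VALUE_RE = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')


def parse_gitmodules(text):
    """Return {submodule_name: {lowercased_key: value}} for a .gitmodules body.

    Hand-rolled rather than configparser so that tab-indented keys under a
    section header are never mistaken for continuation lines and so that
    git-config's case-insensitive key names are normalised.
    """
    modules = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        section = SECTION_RE.match(raw)
        if section:
            current = modules.setdefault(section.group(1), {})
            continue
        kv = KEY_VALUE_RE.match(raw)
        if kv and current is not None:
            current[kv.group(1).lower()] = kv.group(2)
    return modules


def find_option_injection(modules):
    """Return [(name, key, value)] for url/path values starting with '-'.

    Both keys are checked: url is what CVE-2018-17456 covered, and path is
    likewise passed to a child git process as a positional argument.
    """
    findings = []
    for name, entries in modules.items():
        for key in ("url", "path"):
            value = entries.get(key, "")
            if value.startswith("-"):
                findings.append((name, key, value))
    return findings


def scan_gitmodules_text(text):
    """Convenience wrapper: parse then scan, returning the findings list."""
    return find_option_injection(parse_gitmodules(text))


if __name__ == "__main__":
    for name, key, value in scan_gitmodules_text(SAMPLE_GITMODULES):
        print(f"suspicious submodule {name!r}: {key} = {value!r}")
```

Run it against a freshly cloned repository's `.gitmodules` before initialising submodules; an empty result means no dash-prefixed url or path was found, which is the same condition the patched releases enforce.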
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller Multiple Vulnerabilities Advisory ID: CORE-2018-0010 Advisory URL:...