Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery Add Admin Author: Cakes Discovery Date: 2018-10-01 Vendor Homepage: http://www.netis-systems.com Software Link: http://www.netis-systems.com/Home/detail/id/74.html Tested Version: RTK 2.1.1 Tested on OS: Kali Linux CV...
ISPConfig < 3.1.13 - Remote Command Execution
Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match the entire file. Since in the new versions ...
Chamilo LMS 1.11.8 - Cross-Site Scripting
Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-05 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version: 1.11.8 for php5 Tested on OS: Kali Linux...
Cisco Prime Infrastructure - (Unauthenticated) Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Unauthenticated Remote Code Execution', 'Description' = %q Cisco Prime Infrastructure CPI contains two basic flaws that...
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 bytes)
Linux/x86 - execve(/bin/sh) + NOT/SHIFT-N/XOR-N Encoded Shellcode (50 bytes). Shellcode exploit for Linux_x86 platform / Title: Linux\x86 NOT +SHIFT-N+ XOR-N + encoded /bin/sh Shellcode 50 bytes Author: Pedro Cabral Purpose: spawn /bin/sh shell Tested On: Ubuntu 16.04.01 LTS Arch: x86 Size: 50 bytes...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
Title: NICO-FTP 3.0.1.19 - Buffer Overflow SEHASLR Date: 2018-10-04 Platforms: Windows Author: Miguel Mendez Z Vendor: Nico-FTP Version: 3.0.1.19 Tested on: Windows XPsp3 es/ Windows 7x86 eng !/usr/bin/python import struct Bad Byte: \x0a\x0b\x0c\x0d\x0e\x0f\x5d happy =...
LayerBB Forum 1.1.1 - 'search_query' SQL Injection
Exploit Title: LayerBB Forum 1.1.1 - 'search_query' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-04 Vendor Homepage: https://layerbb.com/ Software Link: https://demo.layerbb.com/ Version: 1.1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 POST /search.php...
virtualenv 16.0.0 - Sandbox Escape
Exploit Title: virtualenv 16.0.0 - Sandbox Escape Date: 2018-10-02 Exploit Author: vrsystem Vendor Homepage: https://virtualenv.pypa.io/en/stable/ Software Link: https://virtualenv.pypa.io/en/stable/ Version: 16.0.0 Tested on: kali linux CVE : CVE-2018-17793 1 Install root@kali:pip install...
RICOH MP C1803 JPN Printer - Cross-Site Scripting
Exploit Title: RICOH MP C1803 JPN Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.co.jp/mfp/mpc/1803/ Software : RICOH Printer Product Version: MP C1803 JPN Vulnerability Type : Code Injectio...
FTP Voyager 16.2.0 - Denial of Service (PoC)
Exploit Title: FTP Voyager 16.2.0 - Denial of Service PoC Author: Abdullah Alıç Discovery Date: 2018-10-2 Vendor notified : 2018-10-2 Homepage: https://www.serv-u.com/ Software Link: https://www.serv-u.com/ftp-voyager Tested Version: 16.2.0 Tested on OS: Windows XP Professional sp3 ENG Steps to...
Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection
Exploit Title: Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-03 Vendor Homepage: https://janguo.de/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/ Software...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR5342, AIR5343v2, AIR5443v2, AIR5453, AIR5442,...
Zechat 1.5 - 'uname' SQL Injection
Exploit Title: Zechat 1.5 - 'uname' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-02 Dork: N/A Vendor Homepage: https://bylancer.com/ Software Link: https://bylancer.com/products/zechat-php-script/index.php Version: 1.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1...
Linux Kernel < 4.11.8 - 'mq_notify: double sock_put()' Local Privilege Escalation
/ CVE-2017-11176: "mq_notify: double sock_put()" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target, it requires modifications! Compile with: gcc -fpic -O0 -std=c99 -Wall...
Coaster CMS 5.5.0 - Cross-Site Scripting
Exploit Title: Coaster CMS 5.5.0 - Cross-Site Scripting Date: 2018-10-01 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.web-feet.co.uk/ Software Link : https://github.com/Web-Feet/coastercms Software : Coaster CMS Product Version: v5.5.0 Vulnerability Type : Cross-site Scripting...
OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection
Exploit Title: OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection Dork: inurl:"index.php?scelta=campi" Date: 2018-10-02 Exploit Author: Dino Barlattani Vendor Homepage: http://www.nexusfi.it/ Software Link: http://www.nexusfi.it/easyweb.php Version: 5.7 Category: Webapps Platform: PHP CVE: N/A POC:...
OPAC EasyWeb Five 5.7 - 'nome' SQL Injection
Exploit Title: OPAC EasyWeb Five 5.7 - 'nome' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-02 Vendor Homepage: http://www.nexusfi.it/ Software Link: http://www.nexusfi.it/easyweb.php Version: 5.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC: 1 POST...
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on OS: Kali Linux CVE: N/A Description: Improper input...
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
Exploit Title: ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/asset-explorer/ Software : ZOHO Corp ManageEngine AssetExplorer 6.2.0 Produc...
Singleleg MLM Software 1.0 - 'msg_id' SQL Injection
Exploit Title: Singleleg MLM Software 1.0 - 'msg_id' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://mlmsoftwarez.in/ Software Link: http://mlmdemo.biz/singleleg/root.html Software Link: http://mlmdemo.biz/autopool/root.html Software Link:...
H2 Database 1.4.196 - Remote Code Execution
Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197 Tested on: macOS/Linux CVE: N/A This takes...
Binary MLM Software 1.0 - 'pid' SQL Injection
Exploit Title: Binary MLM Software 1.0 - 'pid' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://mlmsoftwarez.in/ Software Link: http://mlmdemo.biz/binary/root.html Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC:...
Fork CMS 5.4.0 - Cross-Site Scripting
Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulnerability Type : Code Injection Vulnerability : HTML...
Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)
Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link: http://zahiraccounting.com/files/zahir-accounting-6-free-trial.zip Version: 6 build 10b - Download here:...
Snes9K 0.0.9z - Denial of Service (PoC)
Exploit Title: Snes9K 0.0.9z - Denial of Service PoC Date: 2018-09-28 Exploit Author: crashmanucoot Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested on: Windows 7 Home Premium x86 SPANISH...
Education Website 1.0 - 'subject' SQL Injection
Exploit Title: Education Website 1.0 - 'subject' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/34 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A POC:...
WUZHICMS 2.0 - Cross-Site Scripting
Title: WUZHICMS 2.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-10-01 Vendor: http://www.wuzhicms.com Software: WUZHICMS 2.0 CVE: CVE-2018-17832 Technical Details & Description: A Cross Site Scripting vulnerability has been discovered in the WUZHICMS 2.0 web-application. The...
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
Exploit Title: Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/15 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection
Exploit Title: Hotel Booking Engine 1.0 - 'h_room_type' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-01 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-N/A PO...
PCProtect 4.8.35 - Privilege Escalation
Exploit Title: PCProtect 4.8.35 - Privilege Escalation Date: 2018-09-11 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.pcprotect.com/ Vulnerable Software: https://www.pcprotect.com/download Tested on: Windows 7 Enterprise SP1 x64 Description: PCProtect Anti-Virus v4.8....
EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation
Title: EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation Date: 2018-09-22 Software Version: EE40_00_02.00_44 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 – XML External Entity Injection Google Dork: N/A Date: 2018-09-27 Exploit Author: Sureshbabu Narvaneni Author Blog : https://nullnews.in Vendor Homepage: www.informationbuilders.co.uk Software Link:...
Rausoft ID.prove 2.95 - 'Username' SQL injection
Exploit Title: Rausoft ID.prove 2.95 - 'Username' SQL injection Google Dork: inurl:IdproveWebclient Date: 2018-09-26 Exploit Author: Ilya Timchenko, Mercedes pay S.A. Vendor Homepage: https://www.idprove.de Software Link:...
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
Exploit Title: ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Date: 2018-09-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/desktop-central/ Software : ZOHO Corp ManageEngine Desktop Central 10...
Microsoft Edge - Sandbox Escape
Content process - Privileged content process firststage.js When spawning a new Edge content process, its privilege is determined by its URL. This URL check is performed by the LCIEUrlPolicy::GetPICForPrivilegedInternalPage method in eModel.dll. The method calls several other methods to check...
TransMac 12.2 - Denial of Service (PoC)
Exploit Title: TransMac 12.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-26 Software Link: http://www.acutesystems.com/tmac/tmsetup.exe Tested Version: 12.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new fil...
Linux/ARM - Bind (0.0.0.0:4444/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 Bytes)
Linux/ARM - Bind 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 92 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - Bind 0.0.0.0:4444/TCP Shell /bin/sh + Null-Free Shellcode 92 Bytes Date: 2018-09-26 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Informatio...
Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation
Since commit 615d6e8756c8 "mm: per-thread vma caching", first in 3.15, Linux has per-task VMA caches that contain up to four VMA pointers for fast lookup. VMA caches are invalidated by bumping the 32-bit per-mm sequence number mm->vmacache_seqnum; when the sequence number wraps, vmacache_flush_all...
CrossFont 7.5 - Denial of Service (PoC)
Exploit Title: CrossFont 7.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-26 Software Link: http://www.acutesystems.com/cfnt/cfsetup.exe Tested Version: 7.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new file...
Linux Kernel 2.6.x / 3.10.x / 4.14.x (RedHat / Debian / CentOS) (x64) - 'Mutagen Astronomy' Local Privilege Escalation
/ EDB-Note: Systems with less than 32GB of RAM are unlikely to be affected by this issue, due to memory demands during exploitation. EDB Note: poc-exploit.c / / poc-exploit.c for CVE-2018-14634 Copyright C 2018 Qualys, Inc. This program is free software: you can redistribute it and/or modify it...
Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow (SEH)
Exploit Title: Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-25 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe Tested Version: 1.8.2 Tested on OS: Windows 7 32bit Steps to Reproduce: Run the python...
RICOH MP C406Z Printer - Cross-Site Scripting
Exploit Title: RICOH MP C406Z Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection
Exploit Title: Joomla! Component Dutch Auction Factory 2.0.2 - 'filter_order_Dir' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...
WebKit - 'WebCore::RenderMultiColumnSet::updateMinimumColumnHeight' Use-After-Free
htmlvar00002, htmlvar00006 column-span: all; :root 1px; position: fixed; -webkit-column-width: 1px; .class2 text-indent: -webkit-shape-margin: 0px; -webkit-writing-mode: vertical-rl; '.' defselement, .class8 display: grid; 1s; function jsfuzzer / newvarhtmlvar00078:HTMLHRElement / htmlvar00078 =...
Joomla! Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection
Exploit Title: Joomla Component eXtroForms 2.1.5 - 'filter_type_id' SQL Injection Dork: N/A Date: 2018-08-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://extro.media/ Software Link:...
WebKit - 'WebCore::SVGAnimateElementBase::resetAnimatedType' Use-After-Free
function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try htmlvar00028.autofocus = true; catche try htmlvar00034.appendChildhtmlvar00006; catche !--...
WebKit - 'WebCore::RenderLayer::updateDescendantDependentFlags' Use-After-Free
htmlvar00005, noframes, diplay: inline; padding-top: 0vw; -webkit-column-count: 41; transition-delay: body::first-letter box-flex-group: -webkit-background-size: contain; -webkit-opacity: 0.716727864979; htmlvar00001, .class1 1vmax; display: contents; left: transform-style: inherit;...
Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection
Exploit Title: Joomla! Component Reverse Auction Factory 4.3.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/reverse-auction-factory/ Version: 4.3.8 Category: Webapps Test...
WebKit - 'WebCore::SVGTRefElement::updateReferencedText' Use-After-Free
function freememory forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69919==ERROR: AddressSanitizer: heap-use-after-free on address 0x615000090e14 at pc 0x00011551a61a bp 0x7ffee91562a0...
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Exploit Title: Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://multiplanet.gr/ Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/alphaindex-dictionaries/ Version: 1.0 Category: Webapps Tested on:...