Joomla! Component Social Factory 3.8.3 - SQL Injection
Exploit Title: Joomla! Component Social Factory 3.8.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/communities/social-factory/ Version: 3.8.3 Category: Webapps Tested...
Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection
Exploit Title: Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/penny-auction-factory/ Version: 2.0.4 Category: Webapps Tested o...
Easy PhoroResQ 1.0 - Buffer Overflow
Exploit Title: Easy PhoroResQ 1.0 - Buffer Overflow PoC Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-09-24 Tested Version: 1.0 Vulnerability Type: Local Buffer Overflow Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: http://www.easyphotoresq.com/ Download Link:...
Joomla! Component Music Collection 3.0.3 - SQL Injection
Exploit Title: Joomla! Component Music Collection 3.0.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://joomlathat.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/music-collection/ Version: 3.0.3 Category: Webapps Tested on:...
Joomla! Component Raffle Factory 3.5.2 - SQL Injection
Exploit Title: Joomla! Component Raffle Factory 3.5.2 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/raffle-factory/ Version: 3.5.2 Category: Webapps Tested on:...
RICOH MP 305+ Printer - Cross-Site Scripting
Exploit Title: RICOH MP 305+ Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/all-in-one-printers/mp-305sp.html Software: RICOH Printer Product Version: ...
WebKit - 'WebCore::InlineTextBox::paint' Out-of-Bounds Read
-webkit-logical-width: 1px; -webkit-perspective: 1px; function jsfuzzer var htmlvar00011 = document.getElementById"htmlvar00011"; var htmlvar00019 = document.getElementById"htmlvar00019"; var htmlvar00049 = document.getElementById"htmlvar00049"; var htmlvar00005 =...
WebKit - 'WebCore::AXObjectCache::handleMenuItemSelected' Use-After-Free
function jsfuzzer var a; forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69238==ERROR: AddressSanitizer: heap-use-after-free on address 0x6120000aaa54 at pc 0x0003280b861a bp...
Joomla! Component Article Factory Manager 4.3.9 - SQL Injection
Exploit Title: Joomla! Component Article Factory Manager 4.3.9 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/content-submission/article-factory-manager/ Version: 4.3.9...
Joomla! Component Collection Factory 4.1.9 - SQL Injection
Exploit Title: Joomla! Component Collection Factory 4.1.9 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/thematic-directory/collection-factory/ Version: 4.1.9 Category: Webap...
Joomla! Component Swap Factory 2.2.1 - SQL Injection
Exploit Title: Joomla! Component Swap Factory 2.2.1 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/swap-factory/ Version: 2.2.1 Category: Webapps Tested on:...
Super Cms Blog Pro 1.0 - SQL Injection
Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-17391 Exploit Author: Ihsan...
Joomla! Component Questions 1.4.3 - SQL Injection
Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/questions/ Version: 1.4.3 Category: Webapps Tested on:...
Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection
Exploit Title: Joomla! Component Responsive Portfolio 1.6.1 - 'filter_order_Dir' SQL Injection Dork: N/A Date: 2018-09-25 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://extro.media/ Software Link: https://extensions.joomla.org/extension/rpc-responsive-portfolio/ Version: 1.6.1...
WebKit - 'WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded' Use-After-Free
::selection, input:focus, .class0, ul::first-letter -webkit-column-count: 85; float: left; function jsfuzzer var fuzzervars = ; try / / var00034 = document.getSelection; catche try var00034.setPositionhtmlvar00003; var var00043 catche try / newvarvar00104:Element / var var00104 = htmlvar00013;...
Solaris - 'EXTREMEPARR' dtappgather Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Solaris 'EXTREMEPARR' dtappgather Privilege Escalation", 'Description' = %q This module exploits a directory traversal vulnerability in the...
WebKit - 'WebCore::Node::ensureRareData' Use-After-Free
.class1 -webkit-mask-box-image-source: urlfoo; function freememory var a; forvar i=0;i100;i++ a = new Uint8Array10241024; document.implementation.createHTMLDocument"doc"; function jsfuzzer try var00097 = document.createElement"source"; catche try var00097.addEventListener"DOMSubtreeModified",...
RICOH MP C6503 Plus Printer - Cross-Site Scripting
Exploit Title: RICOH MP C6503 Plus Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
RICOH MP C2003 Printer - Cross-Site Scripting
Exploit Title: RICOH MP C2003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.ca/en/products/pd/mp-c2003-color-laser-multifunction-printer//R-240-417253 Software : RICOH Printer Product...
WebKit - 'WebCore::SVGTextLayoutAttributes::context' Use-After-Free
tref, feMerge, title inherit; float: right; none; 81em function jsfuzzer try var var00006 = htmlvar00002.getSVGDocument; catche try var var00162 = document.head; catche try htmlvar00015.setSelectionRange2,56; catche try var00162.replaceWithhtmlvar00022; catche Text !--...
Joomla! Component Timetable Schedule 3.6.8 - SQL Injection
Exploit Title: Joomla! Component Timetable Schedule 3.6.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://osthemeclub.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-schedule/ Version: 3.6.8 Category: Webapps Tested on:...
Joomla! Component Jobs Factory 2.0.4 - SQL Injection
Exploit Title: Joomla! Component Jobs Factory 2.0.4 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/jobs-factory/ Version: 2.0.4 Category: Webapps Tested on...
Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection
Exploit Title: Joomla! Component Auction Factory 4.5.5 - 'filter_order' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/auction-factory/ Version:...
Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection
Exploit Title: Joomla! Component AMGallery 1.2.3 - 'filter_category_id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-09-18 Vendor Homepage: http://arenam.ru/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/amgallery/ Version: 1.2.3...
Beyond Remote 2.2.5.3 - Denial of Service (PoC)
Exploit Title: Beyond Remote 2.2.5.3 - Denial of Service (PoC) Author: Erenay Gencay Discovery Date: 2018-09-24 Vendor notified: 2018-09-24 Software Link: https://beyond-remote-client-and-server.jaleco.com/ Tested Version: 2.2.5.3 Tested on OS: Windows XP Professional sp3 ENG Steps to Reproduce: Ru...
Termite 3.4 - Denial of Service (PoC)
Exploit Title: Termite 3.4 - Denial of Service (PoC) Author: Abdullah Alıç Discovery Date: 2018-09-23 Vendor notified: 2018-09-24 Homepage: https://www.compuphase.com Software Link: https://www.compuphase.com/softwaretermite.htm Tested Version: 3.4 Tested on OS: Windows XP Professional sp3 ENG Step...
Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) + sigaction() Shellcode (52 Bytes)
Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) + sigaction() Shellcode (52 Bytes). Shellcode exploit for ARM platform / Title: Linux/ARM - sigaction() Based Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (52 Bytes) Date: 2018-09-24 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken...
RICOH Aficio MP 301 Printer - Cross-Site Scripting
Exploit Title: RICOH Aficio MP 301 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)
Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes). Shellcode exploit for ARM platform / Title: Linux/ARM - Egghunter (PWN!) + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes) Date: 2018-09-24 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara System Information...
LG SuperSign EZ CMS 2.5 - Remote Code Execution
Exploit Title: LG SuperSign EZ CMS 2.5 - Remote Code Execution Date: 2018-09-18 Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com Software Link: https://www.lg.com/ar/software-lg-supersign Version: SuperSignEZ 1.3 Tested on: LG WebOS 3.10 CVE: CVE-2018-17173 1. Description LG...
Joomla! Component CW Article Attachments 1.0.6 - 'id' SQL Injection
Exploit Title: Joomla! CW Article Attachments 1.0.6 - 'id' SQL Injection Date: 2018-09-20 Exploit Author: Haboob Team Software Link: https://extensions.joomla.org/extension/cw-article-attachments/ Version: below 1.0.6 CVE : CVE-2018-14592...
Navigate CMS 2.8 - Cross-Site Scripting
Title: Navigate CMS 2.8 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-09-19 Vendor: https://www.navigatecms.com/en/home Software: Navigate CMS 2.8 CVE: CVE-2018-17255 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the...
SoftX FTP Client 3.3 - Denial of Service (PoC)
Exploit Title: SoftX FTP Client 3.3 - Denial of Service (PoC) Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-09-24 Tested Version: 3.3 Vulnerability Type: DOS Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage: www.softx.org Download Link: http://www.softx.org/ftp.html Step...
Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection Dork: N/A Date: 2018-09-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/ Version: 2.4....
udisks2 2.8.0 - Denial of Service (PoC)
Exploit: udisks2 2.8.0 - Denial of Service (PoC) Author: oxagast Date: 2018-09-22 Vendor Homepage: http://storaged.org/ Software Link: https://github.com/storaged-project/udisks Version: =udisks2 2.8.0 Tested on: Ubuntu x64 The vulnerable section of code...
RICOH MP C6003 Printer - Cross-Site Scripting
Exploit Title: RICOH MP C6003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...
MyBB Visual Editor 1.8.18 - Cross-Site Scripting
Title: MyBB Visual Editor 1.8.18 - Cross-Site Scripting Author: Numan OZDEMIR Vendor Homepage: mybb.com Software Link: https://mybb.com/download/ Version: Up to v1.8.18. Fixed in v1.8.19. PoC Video: https://numanozdemir.com/mybb/xss.mp4 CVE: CVE-2018-17128 Description: Attacker can run JavaScript...
WebRTC - FEC Out-of-Bounds Read
There is an out-of-bounds read in FEC processing in WebRTC. If a very short RTP packet is received, FEC will assume the packet is longer and process data outside of the allocated buffer. This bug causes the following ASAN crash: ==109993==ERROR: AddressSanitizer: heap-buffer-overflow on address...
WebRTC - VP9 Processing Use-After-Free
There is a use-after-free in VP9 processing in WebRTC. In the method RtpFrameReferenceFinder::ManageFrameVp9 the following code occurs: auto gofinfoit = gofinfo.findcodecheader.temporalidx == 0 ? codecheader.tl0picidx - 1 : codecheader.tl0picidx; ... // snip info = &gofinfoit-second; // Clean up...
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
Exploit Title: Collectric CMU 1.0 - 'lang' SQL injection Google Dork: "Inloggning Collectric CMU" Discoverer: Simon Brannstrom Date: 2018-09-15 Vendor Homepage: http://ourenergy.se/ Software Link: n/a Version: All known versions Tested on: Linux CVE: N/A About: Collectric CMU is a Swedish made...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH)
Exploit Title: NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) Author: Abdullah Alıç Date: 2018-09-04 Software link: https://en.softonic.com/download/nico-ftp/windows/post-download Tested Version: 3.0.1.19 Vulnerability Type: Buffer Overflow (SEH) Tested on OS: Windows XP Professional SP3 x86 eng import...
Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes)
Linux/x86 - Egghunter (0x50905090) + sigaction() Shellcode (27 bytes). Shellcode exploit for Linuxx86 platform / Title: Linux/x86 - Egghunter + sigaction-based Shellcode (27 bytes) Author: Valbrux Date: 2018-09-19 This exploit is a dirty-slow but small version of the sigaction-based egg hunter shellcode...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug was found in the file: /wechat-broadcast/wechat/Image.php echo...
Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting
Exploit Title: Roundcube rcfilters plugin 2.1.6 - Cross-Site Scripting Date: 2018-09-09 Exploit Author: Fahimeh Rezaei Vendor Homepage: https://plugins.roundcube.net/packages/eagle00789/rcfilters Software Link: https://plugins.roundcube.net/packages/eagle00789/rcfilters Version: rcfilters plugin...
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correctly handle pre-defined keys resulting in a double dereference which can lead to...
Microsoft Windows - 'CiSetFileCache' WDAC Security Feature Bypass TOCTOU
Windows: CiSetFileCache TOCTOU CVE-2017-11830 Variant WDAC Security Feature Bypass Platform: Windows 10 1803, 1709 should include S-Mode but not tested Class: Security Feature Bypass Summary: While the TOCTOU attack against cache signing has been mitigated through NtSetCachedSigningLevel it’s...
LG SuperSign EZ CMS 2.5 - Local File Inclusion
Exploit Title: LG SuperSign EZ CMS 2.5 - Local File Inclusion Date: 2018-09-13 Exploit Author: Alejandro Fanjul Vendor Homepage: https://www.lg.com/ar/software-lg-supersign Version: SuperSign EZ CMS Tested on: Web OS 4.0 CVE : CVE-2018-16288 More info:...
WordPress Plugin Localize My Post 1.0 - Local File Inclusion
Exploit Title: WordPress Plugin Localize My Post 1.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/localize-my-post/ CVE: 2018-16299 DESCRIPTION This bug was found in the file: /localize-my-post/ajax/include.php...
Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution
Exploit Title: Ubisoft Uplay Desktop Client 63.0.5699.0 - Remote Code Execution Date: 2018-09-01 Exploit Author: Che-Chun Kuo Vulnerability Type: URI Parsing Command Injection Vendor Homepage: https://www.ubisoft.com/en-us/ Software Link: https://uplay.ubi.com/ Version: 63.0.5699.0 Tested on:...
NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet)
Exploit Title: NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) Date: 2018-09-17 Exploit Author: Jacob Baines Vendor Homepage: https://www.nuuo.com/ Device: NRVMini2 Software Link: https://www.nuuo.com/ProductNode.php?node=2 Versions: 3.8.0 and below Tested Against: 03.07.0000.0011 a...