Bayanno Hospital Management System 4.0 - Cross-Site Scripting
Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage: http://creativeitem.com/ Version: v4.0 Live Demo:...
Android - 'zygote->init;' Chain from USB Privilege Escalation
After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a privilege escalation path from zygote to init; that...
InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)
Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-10 Vendor Homepage: https://on.wonderware.com/ Software Link: https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Loc...
HTML5 Video Player 1.2.5 - Denial of Service (PoC)
Exploit Title: HTML5 Video Player 1.2.5 - Denial of Service PoC Date: 2018-09-07 Exploit Author: T3jv1l Vendor Homepage: http://www.html5videoplayer.net/download.html Software: http://www.html5videoplayer.net/html5videoplayer-setup.exe Contact: https://twitter.com/T3jv1l Version: HTML5 Video Play...
Ghostscript - Failed Restore Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /dev/tty' include Msf::Exploit::FILEFORMAT include Msf::Exploit::CmdStager include Msf::Exploit::Powershell def initializeinfo =...
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Exploit Title: Nmap 7.70 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-10 Software Link: https://nmap.org/dist/nmap-7.70-setup.exe Tested Version: 7.70 ZenMap Tested on OS: Windows 7 32bit Description: This vulnerability causes the program to crash and start to...
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Date: 2018-09-08 Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558 Software Version: 2.3 References: ZDI-CAN-6307 References:...
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Exploit Title: Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/3gp-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Exploit Title: Flash Slideshow Maker Professional 5.20 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://flash.dvd-photo-slideshow.com/ Tested Version: 5.20 Tested on OS: Windows XP Service Pack 3 x86 Steps to Reproduce...
LW-N605R 12.20.2.1486 - Remote Code Execution
Title: LW-N605R 12.20.2.1486 - Remote Code Execution Date: 2018-09-09 Author: Nassim Asrir Vendor: LINK-NET Product Link: http://linknet-usa.com/main/productinfo.php?productsid=35&language=es Firmware version: 12.20.2.1486 CVE: N/A Description: LW-N605R devices allow Remote Code Execution via she...
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Exploit Title: Photo To Video Converter Professional 8.07 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:hhttp://www.dvd-photo-slideshow.com/photo-to-video-converter.html Tested Version: 8.05 Tested on OS: Windows XP Servic...
Any Sound Recorder 2.93 - Denial of Service (PoC)
Exploit Title: Any Sound Recorder 2.93 - Denial of Service PoC Date: 2018-09-09 Exploit Author: T3jv1l Vendor Homepage: http://www.any-sound-recorder.com Software: http://www.any-sound-recorder.com/anysoundrecorder.exe Version: Any Sound Recorder 2.93 Tested on: Windows 7 SP1 x86 !/usr/bin/python...
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
Exploit Title: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal Date: 2018-05-23 Software Link: https://www.softneta.com/products/meddream-pacs-server/downloads.html Google Dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone...
DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
Exploit Title: DVD Photo Slideshow Professional 8.07 - Buffer Overflow SEH Date: 2018-09-06 Exploit Author:T3jv1l Vendor Homepage:http://www.dvd-photo-slideshow.com/ Software:www.dvd-photo-slideshow.com/dpsinstall.exe Category:Local Contact:https://twitter.com/T3jv1l Version: DVD Photo Slideshow...
QNAP Photo Station 5.7.0 - Cross-Site Scripting
Exploit Title: QNAP Photo Station 5.7.0 - Cross-Site Scripting Google Dork: N/A Date: 2018-09-07 Exploit Author: Mitsuaki Mitch Shiraishi - secureworks Vendor Homepage: https://www.qnap.com/ja-jp/security-advisory/nas-201808-23 Software Link: N/A Version: QNAP Photo Station versions 5.7.0 and...
iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)
Exploit Title: iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow SEH Author: Gionathan "John" Reale Discovery Date: 2018-09-07 Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1.5 Tested on OS: Windows 7 32bi...
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
Exploit Title: Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Discovery by: Sameer Goyal Discovery Date: 2018-05-30 Vendor Homepage: https://www.tenable.com/ Software Link: https://www.tenable.com/products/tenable-io/web-application-scanning Tested Version: WAS-20180328 Vulnerability Typ...
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
Exploit Title: MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Date: 2018-05-23 Software https://www.softneta.com/products/meddream-pacs-server/downloads.html Version: MedDreamPACS Premium 6.7.1.1 Exploit Author: Carlos Avila Google Dork: inurl:Pacs/login.php, inurl:pacsone...
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
Exploit Title: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal Date: 2018-08-29 Exploit Author: Hamit CİBO Vendor Homepage: http://endress.com Software Link: https://www.endress.com/en/Field-instruments-overview/System-Components-Recorder-Data-Manager/wirelesshart-gateway-fieldgate-swg70...
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibly before Patched...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor Homepage: http://roller.apache.org/ Software...
Cisco Umbrella Roaming Client 2.0.168 - Local Privilege Escalation
/ Exploit Title: Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation Date: 2018-04-06 Exploit Author: paragonsec @ Critical Start Vendor Homepage: https://www.opendns.com/ Version: Umbrella Roaming Client 2.0.168 Tested on: Windows 10 Professional CVE : CVE-2018-0437 & CVE-2018-0438 Cisc...
Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection
Exploit Title: Jorani Leave Management 0.6.5 – 'startdate' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibly before Patched...
D-Link Dir-600M N150 - Cross-Site Scripting
Exploit Title: D-Link Dir-600M N150 - Cross-Site Scripting Date: 2018-09-06 Exploit Author: PUNIT DARJI Vendor Homepage: www.dlink.co.in Hardware Link: https://amzn.to/2NUIniO Version: DIR-600M Firmware 3.01 Tested on: Windows 7 ultimate CVE: N/A POC Goto your Wifi Router Gateway i.e: 192.168.X.X...
NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)
Title: NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection File Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-09-07 Vendor: NovaRad Corporation Product web page: https://www.novarad.net Affected version: 8.5.19.75 Diagnostics Viewer, Study Browser Tested...
Tenda ADSL Router D152 - Cross-Site Scripting
Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting Exploit Author: Sandip Dey Date: 2018-07-21 Vendor Homepage: http://www.tendacn.com Hardware Link:...
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow SEH. Remote exploit for Windowsx86 platform. Tags: Local, Buffer Overflow Exploit Title: FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-04 Vendor Homepage:...
Microsoft People 10.1807.2131.0 - Denial of service (PoC)
Exploit Title: Microsoft people 10.1807.2131.0 - Denial of service PoC Exploit Author : L0RD Contact: [email protected] Date: 2018-09-04 Vendor Homepage : https://www.microsoft.com Software link: https://www.microsoft.com/en-us/p/microsoft-people/9nblggh10pg8?activetab=pivot:overviewt...
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V Tested on...
RPi Cam Control < 6.4.25 - 'preview.php' Remote Command Execution
!/usr/bin/python import sys import requests import os import re import readline def usage: print "\nRPi Cam Web Interface Exploit\n" print "Usage: %s http://host/path/to/preview.php \n" % sys.argv0 print "Options: " print " -h, --help Show this help message and exit" print "" sys.exit0 def...
Logicspice FAQ Script 2.9.7 - Remote Code Execution
Exploit Title: Logicspice FAQ Script 2.9.7 - Remote Code Execution Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.logicspice.com/products/faq-script Software Link: https://www.logicspice.com/app/webroot/files/document/phpmyfaq-2.9.7.zip Version:...
iSmartViewPro 1.5 - 'DDNS' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'DDNS/IP/DID' Buffer Overflow Discovery by: Luis Martinez Discovery Date: 2018-09-03 Vendor Homepage: https://securimport.com/ Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1.5...
mooSocial Store Plugin 2.6 - SQL Injection
Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL: http://addons.moosocial.com/stores Purchase lin...
PHP File Browser Script 1 - Directory Traversal
Exploit Title: PHP File Browser Script 1 - Directory Traversal Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php Software Link:https://www.hscripts.com/scripts/php/downloads/file-browser-demo.zip Version: 1....
Simple POS 4.0.24 - 'columns[0][search][value]' SQL Injection
Exploit Title: Simple POS 4.0.24 - 'columns0searchvalue' SQL Injection Google Dork: N/A Date: 2018-08-31 Exploit Author: Renos Nikolaou Software Link: https://codecanyon.net/item/simple-pos-point-of-sale-made-easy/3947976 Vendor Homepage: https://tecdiary.com/ Version: 4.0.24 Tested on: Windows 1...
Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (20 Bytes)
Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 20 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 20 Bytes Date: 2018-08-31 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara Syste...
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service (PoC)
Exploit Title: Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-01 Vendor Homepage: http://www.trendmicro.com.tr/media/ds/virtual-mobile-infrastructure-datasheet-en.pdf Software Link: App Store for iOS...
Online Quiz Maker 1.0 - 'catid' SQL Injection
Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php Software Link:https://www.hscripts.com/scripts/php/downloads/quiz-maker.zip Version: 1.0 Category:...
Visual Ping 0.8.0.0 - 'Host' Denial of Service (PoC)
Exploit Title: Visual Ping 0.8.0.0 - 'Host' Denial of Service PoC Date: 2018-08-30 Exploit Author: Uriel Corral Salinas Vendor Homepage: http://www.itlights.com Software Link: http://www.scanwith.com/download/FreeVisualPing.htm Version: Free Visual Ping Version 0.8.0.0 Tested on: Windows 10 Pro x...
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Date: 2018-09-01 Vendor Homepage: https://www.admidio.org/ Software Link: https://sourceforge.net/projects/admidio/files/Admidio/3.3.x/admidio-3.3.5.zip/download Version: 3.3.5 Tested on: PHP CVE...
Wikipedia 12.0 - Denial of Service (PoC)
Exploit Title: Wikipedia 12.0 - Denial of Service PoC Date: 9/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/en-us/p/wikipedia/9wzdncrfhwm4?activetab=pivot%3aoverviewtab Version: 12.0 Tested on: Windows 10 Proof of Concept: Run the python scrip...
D-Link DIR-615 - Denial of Service (PoC)
Exploit Title: D-Link DIR-615 - Denial of Service PoC Date: 2018-08-09 Vendor Homepage: http://www.dlink.co.in Hardware Link: https://www.amazon.in/D-Link-DIR-615-Wireless-N300-Router-Black/dp/B0085IATT6 Version: D-Link DIR-615 Category: Hardware Exploit Author: Aniket Dinda Tested on: Linux kali...
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Exploit Title: Microsoft Windows Explorer Out-of-Bound read - Denial of Service PoC Date: 2018-09-01 Exploit Author: Ghaaf Vendor Homepage: http://www.microsoft.com Version: Windows 7x86/x64 Tested on: 6.1.7601 Service Pack 1 Build 7601 CVE: N/A buffer = '' buffer +=...
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
Title: FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection Author: hyp3rlinx Date: 2018-09-01 Vendor: www.eventlogxp.com Software: https://eventlogxp.com/download.php Affected Component: elex.exe CVE: N/A Description: Upon opening a specially crafted .ELX file in Event Log...
Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service (PoC)
Exploit Title: Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-02 Vendor Homepage: https://www.symantec.com/ Software Link: https://itunes.apple.com/mx/app/symantec-mobile-encryption/id450235714?mt=8 Tested Version:...
VSAXESS V2.6.2.70 build 20171226_053 - 'Nickname' Denial of Service (PoC)
Exploit Title: VSAXESS V2.6.2.70 build20171226053 - 'Nickname' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-08-31 Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link: https://www.visionistech.com/en/vsaxess-desktop-software/ Tested Version:...
Vox TG790 ADSL Router - Cross-Site Scripting
Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user input management low privilege users are able to create a persistent Cross-Site scriptin...
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0.0 CVE: CVE-2018-15844 Description: DamiCMS v6.0.0 allows CSRF to...