47904 matches found
STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation (1)
/ Exploit Title: STOPzilla AntiMalware 6.5.2.59 - Privilege Escalation Date: 2018-09-13 Author: Parvez Anwar @parvezghh Vendor Homepage: https://www.stopzilla.com/ Software link: https://download.stopzilla.com/binaries/stopzilla/autoinstaller/STOPzillaAntiMalware.msi Tested Version: 6.5.2.59 Driv...
Apache Portals Pluto 3.0.0 - Remote Code Execution
Exploit Title: Apache Portals Pluto 3.0.0 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://portals.apache.org/pluto/ Software Link: http://archive.apache.org/dist/portals/pluto/ Version: 3.0.0 Tested on: Windows Advisory:...
Apache Syncope 2.0.7 - Remote Code Execution
Exploit Title: Apache Syncope 2.0.7 - Remote Code Execution Date: 2018-09-12 Exploit Author: Che-Chun Kuo Vendor Homepage: https://syncope.apache.org/ Software Link: http://archive.apache.org/dist/syncope/ Version: 2.0.7 Tested on: Windows Advisory: https://syncope.apache.org/security CVE:...
Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow (SEH)
Exploit Title: Free MP3 CD Ripper 2.6 - '.mp3' Buffer Overflow SEH Author: Gionathan "John" Reale Discovey Date: 2018-09-13 Software Link: http://www.commentcamarche.net/download/telecharger-34082200-free-mp3-cd-ripper Tested on OS: Windows 7 32bit Tested Version: 2.6 Steps to Reproduce: Run the...
PixGPS 1.1.8 - Denial of Service (PoC)
Exploit Title: PixGPS 1.1.8 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-10 Software Link: http://www.br-software.com/pixgps11setup.exe Tested Version: 1.1.8 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new fil...
RoboImport 1.2.0.72 - Denial of Service (PoC)
Exploit Title: RoboImport 1.2.0.72 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-11 Software Link: http://www.picajet.com/download/RoboImportInstall.exe Tested Version: 1.2.0.72 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it wi...
LG Smart IP Camera 1508190 - Backup File Download
Exploit Title: LG Smart IP Camera 1508190 - Backup File Download Date: 2018-09-11 Exploit Author: Ege Balci Vendor Homepage: https://www.lg.com Software version: 1310250 " exit0 print"==========================================================================" print" Exploit Title: LG Smart IP...
Apple macOS 10.13.4 - Denial of Service (PoC)
Exploit Title: Apple MacOS 10.13.4 - Denial of Service PoC Date: 2018-09-10 Exploit Author: Sriram @SriHxor Vendor Homepage: https://support.apple.com/en-in/HT208848 Tested on: macOS High Sierra 10.13.4, iOS 11.3, tvOS 11.3, watchOS 4.3.0 CVE : CVE-2018-4240 2018 POC :...
MyBB 1.8.17 - Cross-Site Scripting
Exploit Title: MyBB 1.8.17 - Cross-Site Scripting Date: 2018-08-11 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://mybb.com/download/ Version: 1.8.17 Tested on: Ubuntu 18.04 CVE: CVE-2018-15596 1. Description: On the forum RSS Syndication page you can generate a URL for...
PDF Explorer 1.5.66.2 - Denial of Service (PoC)
Exploit Title: PDF Explorer 1.5.66.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-12 Software Link: https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip Tested Version: 1.5.66.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit scrip...
SynaMan 4.0 build 1488 - SMTP Credential Disclosure
Exploit Author: bzyo CVE: CVE-2018-10814 Twitter: @bzyo Exploit Title: SynaMan 4.0 - Cleartext password SMTP settings Date: 09-12-18 Vulnerable Software: SynaMan 4.0 build 1488 Vendor Homepage: http://web.synametrics.com/SynaMan.htm Version: 4.0 build 1488 Software Link:...
SynaMan 4.0 build 1488 - (Authenticated) Cross-Site Scripting
Exploit Author: bzyo CVE: CVE-2018-10763 Twitter: @bzyo Exploit Title: SynaMan 4.0 - Authenticated Cross Site Scripting XSS Date: 09-12-18 Vulnerable Software: SynaMan 4.0 build 1488 Vendor Homepage: http://web.synametrics.com/SynaMan.htm Version: 4.0 build 1488 Software Link:...
IBM Identity Governance and Intelligence 5.2.3.2 / 5.2.4 - SQL Injection
Exploit Title: Unauthenticated Remote SQLi Date: 11/09/2018 Exploit Author: Mohamed Sayed - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10728883 Version: IGI 5.2.3.2 REQUIRED Tested on: Windows 10 CVE : CVE-2018-1756 Hello , IBM IGI version 5.2.3.2 i...
Infiltrator Network Security Scanner 4.6 - Denial of Service (PoC)
Exploit Title: Infiltrator Network Security Scanner 4.6 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-12 Software Link: https://www.infiltration-systems.com/download.shtml Tested Version: 4.6 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
CirCarLife SCADA 4.3.0 - Credential Disclosure
Exploit Title: CirCarLife SCADA 4.3.0 - Credential Disclosure Date: 2018-09-10 Exploit Author: David Castro Vendor Homepage: https://circontrol.com/ Shodan Dork: Server: CirCarLife Server: PsiOcppApp Version: CirCarLife Scada all versions under 4.3.0 OCPP implementation all versions under 1.5.0 C...
Rubedo CMS 3.4.0 - Directory Traversal
Exploit Title: Rubedo CMS 3.4.0 - Directory Traversal Google Dork: intext:rubedo.current.page.description Date: 2018-09-11 Exploit Author: Marouene Boubakri Vendor Homepage: https://www.rubedo-project.org Version: through 3.4.0 Tested on: Linux CVE : CVE-2018-16836 PoC: Read /etc/passwd file from...
iCash 7.6.5 - Denial of Service (PoC)
Exploit Title: iCash 7.6.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-12 Software Link: https://www.maxprog.com/site/misc/downloadsus.php Tested Version: 7.6.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will create a new...
jiNa OCR Image to Text 1.0 - Denial of Service (PoC)
Exploit Title: jiNa OCR Image to Text 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-10 Software Link: http://www.convertimagetotext.net/downloadsoftware.php Tested Version: 1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it...
PicaJet FX 2.6.5 - Denial of Service (PoC)
Exploit Title: PicaJet FX 2.6.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-11 Software Link: http://www.picajet.com/download/PicaJetFXInstall.exe Tested Version: 2.6.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit script, it will crea...
HTML5 Video Player 1.2.5 - Denial of Service (PoC)
Exploit Title: HTML5 Video Player 1.2.5 - Denial of Service PoC Date: 2018-09-07 Exploit Author: T3jv1l Vendor Homepage: http://www.html5videoplayer.net/download.html Software: http://www.html5videoplayer.net/html5videoplayer-setup.exe Contact: https://twitter.com/T3jv1l Version: HTML5 Video Play...
Bayanno Hospital Management System 4.0 - Cross-Site Scripting
Exploit Title: Bayanno Hospital Management System 4.0 - Cross-Site Scripting Date: 2018-09-05 Software Link: https://codecanyon.net/item/bayanno-hospital-management-system/5814621 Exploit Author: Gokhan Sagoglu Vendor Homepage:: http://creativeitem.com/ Version: v4.0 Live Demo:...
InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow (SEH)
Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Nombre del Tag' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-10 Vendor Homepage: https://on.wonderware.com/ Software Link: https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Loc...
Android - 'zygote->init;' Chain from USB Privilege Escalation
After reporting https://bugs.chromium.org/p/project-zero/issues/detail?id=1583 Android ID 80436257, CVE-2018-9445, I discovered that this issue could also be used to inject code into the context of the zygote. Additionally, I discovered a privilege escalation path from zygote to init; that...
Apache Struts 2 - Namespace Redirect OGNL Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Namespace Redirect OGNL Injection', 'Description' = %q This module exploits a remote code execution vulnerability in Apache Strut...
Any Sound Recorder 2.93 - Denial of Service (PoC)
Exploit Title: Any Sound Recorder 2.93 - Denial of Service PoC Date: 2018-09-09 Exploit Author: T3jv1l Vendor Homepage: http://www.any-sound-recorder.com Software: http://www.any-sound-recorder.com/anysoundrecorder.exe Version: Any Sound Recorder 2.93 Tested on: Windows 7 SP1 x86 !/usr/bin/python...
Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow (SEH)
Exploit Title: Socusoft 3GP Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/3gp-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
LW-N605R 12.20.2.1486 - Remote Code Execution
Title: LW-N605R 12.20.2.1486 - Remote Code Execution Date: 2018-09-09 Author: Nassim Asrir Vendor: LINK-NET Product Link: http://linknet-usa.com/main/productinfo.php?productsid=35&language=es Firmware version: 12.20.2.1486 CVE: N/A Description: LW-N605R devices allow Remote Code Execution via she...
SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow (SEH)
Exploit Title: SocuSoft iPod Photo Slideshow 8.05 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://www.dvd-photo-slideshow.com/ipod-photo-slideshow.html Tested Version: 8.05 Tested on OS: Windows XP Service Pack 3 x86...
Photo To Video Converter Professional 8.07 - Buffer Overflow (SEH)
Exploit Title: Photo To Video Converter Professional 8.07 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:hhttp://www.dvd-photo-slideshow.com/photo-to-video-converter.html Tested Version: 8.05 Tested on OS: Windows XP Servic...
Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection
Title: Microsoft Baseline Security Analyzer 2.3 - XML External Entity Injection Date: 2018-09-08 Author: John Page aka hyp3rlinx Vendor: Microsoft Software link: https://www.microsoft.com/en-us/download/details.aspx?id=7558 Software Version: 2.3 References: ZDI-CAN-6307 References:...
Flash Slideshow Maker Professional 5.20 - Buffer Overflow (SEH)
Exploit Title: Flash Slideshow Maker Professional 5.20 - Buffer Overflow SEH Date: 2018-09-08 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:http://flash.dvd-photo-slideshow.com/ Tested Version: 5.20 Tested on OS: Windows XP Service Pack 3 x86 Steps to Reproduce...
Zenmap (Nmap) 7.70 - Denial of Service (PoC)
Exploit Title: Nmap 7.70 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-10 Software Link: https://nmap.org/dist/nmap-7.70-setup.exe Tested Version: 7.70 ZenMap Tested on OS: Windows 7 32bit Description: This vunerability causes the program to crash and start to...
Ghostscript - Failed Restore Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule /dev/tty' include Msf::Exploit::FILEFORMAT include Msf::Exploit::CmdStager include Msf::Exploit::Powershell def initializeinfo =...
Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal
Exploit Title: Softneta MedDream PACS Server Premium 6.7.1.1 - Directory Traversal Date: 2018-05-23 Software Link: https://www.softneta.com/products/meddream-pacs-server/downloads.html Google Dork: inurl:pacs/login.php, inurl:pacsone/login.php, inurl:pacsone filetype:php home, inurl:pacsone...
iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow (SEH)
Exploit Title: iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow SEH Author: Gionathan "John" Reale Discovey Date: 2018-09-07 Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1.5 Tested on OS: Windows 7 32bi...
Tenable WAS-Scanner 7.4.1708 - Remote Command Execution
Exploit Title: Tenable WAS-Scanner 7.4.1708 - Remote Command Execution Discovery by: Sameer Goyal Discovery Date: 2018-05-30 Vendor Homepage: https://www.tenable.com/ Software Link: https://www.tenable.com/products/tenable-io/web-application-scanning Tested Version: WAS-20180328 Vulnerability Typ...
MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection
Exploit Title: MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Date: 2018-05-23 Software https://www.softneta.com/products/meddream-pacs-server/downloads.html Version: MedDreamPACS Premium 6.7.1.1 Exploit Author: Carlos Avila Google Dork: inurl:Pacs/login.php, inurl:pacsone...
QNAP Photo Station 5.7.0 - Cross-Site Scripting
Exploit Title: QNAP Photo Station 5.7.0 - Cross-Site Scripting Google Dork: N/A Date: 2018-09-07 Exploit Author: Mitsuaki Mitch Shiraishi - secureworks Vendor Homepage: https://www.qnap.com/ja-jp/security-advisory/nas-201808-23 Software Link: N/A Version: QNAP Photo Station versions 5.7.0 and...
DVD Photo Slideshow Professional 8.07 - Buffer Overflow (SEH)
Exploit Title: DVD Photo Slideshow Professional 8.07 - Buffer Overflow SEH Date: 2018-09-06 Exploit Author:T3jv1l Vendor Homepage:http://www.dvd-photo-slideshow.com/ Software:www.dvd-photo-slideshow.com/dpsinstall.exe Category:Local Contact:https://twitter.com/T3jv1l Version: DVD Photo Slideshow...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact: http://twitter.com/MarkoJokic Vendor Homepage: http://roller.apache.org/ Software...
Cisco Umbrella Roaming Client 2.0.168 - Local Privilege Escalation
/ Exploit Title: Cisco Umbrella Roaming Client 2.0.168 - Privilege Escalation Date: 2018-04-06 Exploit Author: paragonsec @ Critical Start Vendor Homepage: https://www.opendns.com/ Version: Umbrella Roaming Client 2.0.168 Tested on: Windows 10 Professional CVE : CVE-2018-0437 & CVE-2018-0438 Cisc...
Jorani Leave Management 0.6.5 - (Authenticated) 'startdate' SQL Injection
Exploit Title: Jorani Leave Management 0.6.5 – 'startdate' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibly before Patched...
NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection (File Disclosure)
Title: NovaRad NovaPACS Diagnostics Viewer 8.5 - XML External Entity Injection File Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-09-07 Vendor: NovaRad Corporation Product web page: https://www.novarad.net Affected version: 8.5.19.75 Diagnostics Viewer, Study Browser Tested...
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
Exploit Title: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal Date: 2018-08-29 Exploit Author: Hamit CİBO Vendor Homepage: http://endress.com Software Link: https://www.endress.com/en/Field-instruments-overview/System-Components-Recorder-Data-Manager/wirelesshart-gateway-fieldgate-swg70...
D-Link Dir-600M N150 - Cross-Site Scripting
Exploit Title: D-Link Dir-600M N150 - Cross-Site Scripting Date: 2018-09-06 Exploit Author: PUNIT DARJI Vendor Homepage: www.dlink.co.in Hardware Link: https://amzn.to/2NUIniO Version: DIR-600M Firmware 3.01 Tested on: Windows 7 ultimate CVE: N/A POC Goto your Wifi Router Gateway i.e: 192.168.X.X...
Jorani Leave Management 0.6.5 - Cross-Site Scripting
Exploit Title: Jorani Leave Management System 0.6.5 – Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-09-06 Google Dork: N/A Vendor: Benjamin BALET Software Link: https://jorani.org/download.html Affected Version: 0.6.5 and possibly before Patched...
Microsoft People 10.1807.2131.0 - Denial of service (PoC)
Exploit Title: Microsoft people 10.1807.2131.0 - Denial of service PoC Exploit Author : L0RD Contact: [email protected] Date: 2018-09-04 Vendor Homepage : https://www.microsoft.com Software link: https://www.microsoft.com/en-us/p/microsoft-people/9nblggh10pg8?activetab=pivot:overviewt...
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version: DocuCentre-IV,DocuCentre-VI,DocuCentre-V,ApeosPort-VI,ApeosPort-V Tested on...
Tenda ADSL Router D152 - Cross-Site Scripting
Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting Exploit Author: Sandip Dey Date: 2018-07-21 Vendor Homepage: http://www.tendacn.com Hardware Link:...
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow (SEH)
FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow SEH. Remote exploit for Windowsx86 platform. Tags: Local, Buffer Overflow Exploit Title: FTPShell Server 6.80 - 'Add Account Name' Buffer Overflow SEH Discovery by: Luis Martinez Discovery Date: 2018-09-04 Vendor Homepage:...