Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Exploit Title: Acunetix WVS Reporter 10.0 - Denial of Service PoC Exploit Author: Ali Alipour Date: 2018-08-22 Vendor Homepage : https://www.acunetix.com/ Tested on : Windows 10 - 64-bit Steps to Reproduce Run the python exploit script, it will create a new file with the name "exploit.txt" just...
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
/ Exploit Title: Argus Surveillance DVR 4.0.0.0 - Privilege Escalation Author: John Page aka hyp3rlinx Date: 2018-08-29 Vendor: Argus Surveillance DVR - 4.0.0.0 Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Tested on: Windows 7 x86 Description: Argus Surveillance DV...
Network Manager VPNC 1.2.6 - 'Username' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Network Manager VPNC Username Privilege Escalation', 'Description' = %q This module exploits an injection vulnerability in the Network Manager VP...
Nord VPN 6.14.31 - Denial of Service (PoC)
Exploit Title: Nord VPN = 6.14.31 - Denial of Service PoC Exploit Author : L0RD borna nematzadeh Contact: [email protected] Date: 2018-08-30 Vendor Homepage : https://nordvpn.com Software link: https://nordvpn.com/download/ Version: = 6.14.31 Tested on: Windows 10 CVE: N/A Steps to...
DLink DIR-601 - Credential Disclosure
Exploit Title: DLink DIR-601 - Credential Disclosure Google Dork: N/A Date: 2018-06-24 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla Firefox CVE : CVE-2018-12710 1. Description...
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
Exploit Title: WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting Google Dork: inurl:"/wp-content/plugins/jibu-pro" Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/jibu-pro.1.7.zip Version: 1.7 Tested on: Kali Linux CVE: N/A Description: Jin...
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link: http://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip Version: v1.0.3 Tested on: Windows 7 - 64-bit...
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service (PoC)
Exploit Title: NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-08-30 Vendor Homepage: https://www.networkactiv.com/WebServer.html Software Link: https://www.networkactiv.com/Dev/ Tested Version: 4.0 Pre-Alpha-3.7.2...
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link: http://www.cybrotech.com/wp-content/uploads/2016/11/CyBroHttpServer-v1.0.3.zip Version: v1.0.3 Tested on: Windows CVE:...
Linux/ARM - read(0, buf, 0xff) stager + execve("/bin/sh", NULL, NULL) Shellcode (28 Bytes)
Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - read0, buf, 0xff stager + execve"/bin/sh", NULL, NULL Shellcode 28 Bytes Date: 2018-08-30 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description : Quizlord is prone to Stored Cross Site Scripting...
Linux/x86 - Reverse TCP (fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP) Shell (/bin/sh) + IPv6 Shellcode (Generator) (94 bytes)
Linux/x86 - Reverse TCP fd15:4ba5:5a2b:1002:61b7:23a9:ad3d:5509:1337/TCP Shell /bin/sh + IPv6 Shellcode Generator 94 bytes. Shellcode exploit for Lin... !/usr/bin/env python3 Exploit Title: Linux x86 IPv6 Reverse TCP Shellcode Generator 94 bytes Date: 2018-08-26 Shellcode Author: Kevin Kirsche...
Windows/x64 (10) - WoW64 Egghunter (w00tw00t) Shellcode (50 bytes)
Windows/x64 10 - WoW64 Egghunter w00tw00t Shellcode 50 bytes. Shellcode exploit for Windowsx86-64 platform include include include include using namespace std; / Title: WoW64Egghunter for Windows 10 32bit apps on 64bit Windows 10 Size: 50 bytes Date: 26/08/2018 Author: n30m1nd -...
Drive Power Manager 1.10 - Denial Of Service (PoC)
Exploit Title: Drive Power Manager 1.10 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v1.10 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...
Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service (PoC)
Exploit Title: Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service PoC Discovery by: Samuel Cruz Discovery Date; 2018-08-29 Vendor Homepage: https://www.skype.com/es/business/ Tested Version: 16.0.10730.20053 Tested on OS: Windows 10 Pro x64 es/home/...
NASA openVSP 3.16.1 - Denial of Service (PoC)
Exploit Title: NASA openVSP 3.16.1 - Denial of Service PoC Exploit Author : L0RD Date: 2018-08-28 Vendor Homepage : https://software.nasa.gov/software/LAR-17491-1 Software link: https://github.com/nasa/OpenVSP Version: 3.16.1 Tested on: Windows 10 CVE: N/A Description : The Vehicle Sketch Pad VSP...
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Exploit Title: Easy PhotoResQ 1.0 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
Episerver 7 patch 4 - XML External Entity Injection
Exploit Title: Episerver 7 patch 4 - XML External Entity Injection Google Dork: N/A Date: 2018-08-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.episerver.se/ Version: Episerver 7 patch 4 and below CVE : N/A episploit.py - Blind XXE file read exploit for Episerver 7 patch 4 and below...
HD Tune Pro 5.70 - Denial of Service (PoC)
Exploit Title: HD Tune Pro 5.70 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v5.70 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit...
Immunity Debugger 1.85 - Denial of Service (PoC)
Exploit Title: Immunity Debugger 1.85 - Denial of Service PoC Author: Gionathan "John" Reale Date: 2018-08-28 Homepage: https://www.immunityinc.com/ Software Link: https://www.immunityinc.com/products/debugger/index.html Tested Version: v1.85 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run...
Linux/ARM - execve("/bin/sh", ["/bin/sh"], NULL) Shellcode (32 Bytes)
Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes. Shellcode exploit for ARM platform / Title: Linux/ARM - execve"/bin/sh", "/bin/sh", NULL Shellcode 32 Bytes Date: 2018-08-16 Tested: armv7l Raspberry Pi 3 Model B+ Author: Ken Kitahara pi@raspberrypi: $ uname -a Linux raspberrypi...
Fathom 2.4 - Denial Of Service (PoC)
Exploit Title: Fathom 2.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-28 Homepage: https://fathom.concord.org/ Software Link: https://fathom.concord.org/download/ Tested Version: v2.4 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python exploit scrip...
phpMyAdmin 4.7.x - Cross-Site Request Forgery
Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Date: 2018-08-28 Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on: php7 mysql5 CVE: CVE-2017-1000499 -- Original...
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + (Dual IPv4 and IPv6) Shellcode (146 bytes)
Linux/x86 - Bind 1337/TCP Shell /bin/sh + Dual IPv4 and IPv6 Shellcode 146 bytes. Shellcode exploit for Linuxx86 platform / Exploit Title: Linux x86 Dual Network Stack IPv4 and IPv6 Bind TCP Shellcode Date: 2018-08-18 Shellcode Author: Kevin Kirsche Shellcode Repository:...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Exploit: Argus Surveillance DVR 4.0.0.0 - Directory Traversal Author: John Page aka hyp3rlinx Date: 2018-08-28 Vendor: www.argussurveillance.com Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Description: Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated...
ipPulse 1.92 - 'TCP Port' Denial of Service (PoC)
Exploit Title: ipPulse 1.92 - 'TCP Port' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-08-28 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link: http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability Type: Denial of...
Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service (PoC)
Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Software Link: App Store for iOS devices Tested Version: 4.6.01099 Vulnerability Type: Denial of...
Trillian 6.1 Build 16 - 'Sign In' Denial of service (PoC)
Exploit Title: Trillian 6.1 Build 16 - "Sign In" Denial of service PoC Discovery by: Jose Miguel Gonzalez Discovery Date; 2018-08-29 Vendor Homepage: https://www.trillian.im/ Software Link: https://www.trillian.im/download/ Tested Version: 6.1 Build 16 Tested on OS: Windows 10 Single Language x64...
SIPP 3.3 - Stack-Based Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user supplied input while reading the configuration file and parsing the malicious...
R 3.4.4 - Buffer Overflow (SEH)
-------------------------------------------------------- Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-08-22 Vendor Homepage : https://www.r-project.org/ Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] Website:...
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
Exploit Title: Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Date: 2018-07-16 WebPage: https://CTRLu.net/ Vendor Homepage: http://www.eaton.com/ Vendor Advisory: http://www.eaton.com/content/dam/eaton/company/news-insights/cybersecurity/security-bulletins/PXM-Advisory.pdf Software Link...
Linux/MIPS64 - execve(/bin/sh) Shellcode (48 bytes)
Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes. Shellcode exploit for LinuxMIPS platform / Title: Linux/MIPS64 - execve/bin/sh Shellcode 48 bytes Date: 2018-08-10 Author: Antonio execve/bin/sh shellcode for MIPS64 tested on MIPS Malta - Linux debian-mips64el 4.9.0-3-5kc-malta 48 bytes gcc...
Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service (PoC)
Exploit Title: Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-27 Vendor Homepage: https://www.cisco.com/ Software Link : https://software.cisco.com/download/home/286277276/type/280775097/release/6.3.3 Tested Version: 6.3.3...
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
alert'start'; var vars = ; var r = new RegExp; forvar i=0; i20000; i++ varsi = "aaaaa"; r.lastIndex = "aaaaa"; for...
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
Note: PoC will now hijack the print spooler service - spoolsv.exe - as it required less code than hijacking printfilterpipelinesvc.exe, which was shown in the original video demo Description of the vulnerability The task scheduler service has an alpc endpoint, supporting the method...
VirtualBox 5.2.6.r120293 - VM Escape
Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in VirtualBox Video Acceleration VBVA feature affecting Linux hosts. VBVA feature works on top of VirtualBox Host-Guest Shared...
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
Exploit Title: Instagram App 41.1788.50991.0 - Denial of Service PoC Exploit Author : Ali Alipour Date: 2018-08-25 Vendor Homepage : https://www.instagram.com/ Software Link Download : https://www.microsoft.com/en-us/p/instagram/9nblggh5l9xt?ocid=blitzwindowsblog&activetab=pivot%3aoverviewtab Abo...
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version: 3.2 and possibly before Patched Version:...
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 2017...
Foxit PDF Reader 9.0.1.1049 - Pointer Overwrite Use-After-Free (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Foxit PDF Reader Pointer Overwrite UAF', 'Description' = %q Foxit PDF Reader v9.0.1.1049 has a Use-After-Free vulnerability in the Text Annotatio...
Libpango 1.40.8 - Denial of Service (PoC)
Exploit Title: Libpango 1.40.8 - Denial of Service PoC Date: 2018-08-06 Exploit Author: Jeffery M Vendor Homepage: https://www.pango.org/ Software Link: http://ftp.gnome.org/pub/GNOME/sources/pango/1.40/pango-1.40.9.tar.xz Version: 1.40.8+ Tested on: Windows 7, Gentoo CVE : CVE-2018-15120 Patch :...
Firefox 55.0.3 - Denial of Service (PoC)
Exploit Title: Firefox 55.0.3 - Denial of Service PoC Date: 2018-08-26 Exploit Author: L0RD Vendor Homepage: mozilla.org Software Link: https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/ Version: 55.0.3 Tested on: Windows 10 CVE: N/A Description : An issue was discovered in firefox 55.0.3...
HP Jetdirect - Path Traversal Arbitrary Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require "rex/proto/pjl" class MetasploitModule 'HP Jetdirect Path Traversal Arbitrary Code Execution', 'Description' = %q The module exploits a path traversal via...
Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service (PoC)
Exploit Title: Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-26 Vendor Homepage: https://www.trendmicro.com/ense/business/products/user-protection/sps/mobile.html Software Link: App Store for iOS devices...
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
Electron WebPreferences - Remote Code Execution
CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions 3.0.0-beta.6, 2.0.7,...
Responsive FileManager < 9.13.4 - Directory Traversal
The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following request allows a user to read any file on the system. GET...
Adobe Flash - AVC Processing Out-of-Bounds Read
The attached fuzz file causes an out-of-bounds read in AVC processing. To reproduce the issue, put both attached files on a server, and visit: http://127.0.0.1/LoadMP4.swf?file=transpose.mp4 This issue reproduces on Chrome and Firefox for Linux. Proof of Concept:...
LiteCart 2.1.2 - Arbitrary File Upload
Exploit Title: LiteCart 2.1.2 - Arbitrary File Upload Date: 2018-08-27 Exploit Author: Haboob Team Software Link: https://www.litecart.net/downloading?version=2.1.2 Version: 2.1.2 CVE : CVE-2018-12256 1. Description admin/vqmods.app/vqmods.inc.php in LiteCart 2.1.2 allows remote authenticated...
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
!-- Wordpress Plainview Activity Monitor RCE + Version: 20161228 and possibly prior + Description: Combine OS Commanding and CSRF to get reverse shell + Author: LydAcric LEFEBVRE + CVE-ID: CVE-2018-15877 + Usage: Replace 127.0.0.1 & 9999 with you ip...