Mikrotik WinBox 6.42 - Credential Disclosure (golang)
Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Software Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
Exploit Title: TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Author: Aniket Dinda Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version: TP-Link Wireless N Router WR840N Firmwar...
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-14058,...
Central Management Software 1.4.13 - Denial of Service (PoC)
Exploit Title: Central Management Software v1.4.13 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link:...
WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)
Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link: https://webkitgtk.org/releases/ & https://wpewebkit.org/releases/ Version: RefPtr...
OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions
Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Version: 5.0.1.3 Tested on: Ubuntu LAMP, OpenEMR Version...
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...
ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
Exploit Title: ObserverIP Scan Tool 1.4.0.1 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link: https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe Tested Version: 1.4.0....
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)
!/usr/bin/env python Copyright c 2018 Matthew Daley Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the Software without restriction, including without limitation the rights to use, copy,...
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
Title: ASUS-DSL N10 1.1.2.217 - Authentication Bypass Author: AmnBAN team Date: 2018-08-06 Vendor Homepage: https://www.asus.com/Networking/DSLN10C1with5dBiantenna/ Software version: 1.1.2.217 CVE: N/A 1. Description: In ASUS-DSL N10 C1 modem Firmware Version 1.1.2.217 there is loginauthorization...
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds Vendor - https://www.asustor.com/ Patch Notes - http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffer from multiple critical vulnerabilities. The...
JioFi 4G M2S 1.0.2 - Denial of Service (PoC)
Exploit Title: JioFi 4G M2S 1.0.2 - Denial of Service PoC Exploit Author: Vikas Chaudhary Date: 2018-07-26 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Wansview 1.0.2 - Denial of Service (PoC)
Exploit Title: Wansview 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-14 Software Link: http://www.wansview.com/uploads/soft/Wansviewv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the python exploit script, it will create a...
Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)
Exploit Title: Cloudme 1.9 - Buffer Overflow DEP Metasploit Date: 2018-08-13 Exploit Author: Raymond Wellnitz Vendor Homepage: https://www.cloudme.com Version: 1.8.x/1.9.x Tested on: Windows 7 x64 CVE : 2018-6892 This module requires Metasploit: https://metasploit.com/download Current source:...
Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)
Exploit title: Oracle Glassfish OSE 4.1 - Path Traversal Metasploit Author: Dhiraj Mishra Date: 2018-08-14 Software: Oracle Glassfish Server OSE Version: 4.1 Software link: http://download.oracle.com/glassfish/4.1/release/glassfish-4.1.zip CVE: 2017-1000028 This module requires Metasploit:...
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Path Traversal in Oracle GlassFish Server Open Source Edition', 'Description' = %q This module exploits an unauthenticated directory traversal...
cgit 1.2.1 - Directory Traversal (Metasploit)
Title: cgit 1.2.1 - Directory Traversal Metasploit Author: Dhiraj Mishra Software: cgit Link: https://git.zx2c4.com/cgit/ Date: 2018-08-14 CVE: CVE-2018-14912 This module exploits a directory traversal vulnerability which exists in cgit 'cgit Directory Traversal', 'Description' = %q This module...
Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
Linux/x64 - Add Root User toor/toor Shellcode 99 bytes. Shellcode exploit for Linuxx86-64 platform ; Title: add root user toor:toor ; Date: 20180811 ; Author: epi ; https://epi052.gitlab.io/notes-to-self/ ; Tested on: linux/x8664 SMP CentOS-7 3.10.0-862.2.3.el7.x8664 GNU/Linux ; ; Shellcode Lengt...
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Exploit Title: PostgreSQL 9.4-0.5.3 - Privilege Escalation Date: 2017-10-11 Exploit Author: Johannes Segitz Vendor Homepage: https://bugzilla.suse.com/showbug.cgi?id=1062722 Software Link: - Version: Before postgresql-init-9.4-0.5.3.1 Tested on: SUSE Linux Enterprise 11 SP4 CVE : CVE-2017-14798...
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Unauthenticated Remote Reboot Date: 8/12/2018 Exploit Author: Chris Rose Affected Model : GPN2.4P21-C-CNFirmware: W2001EN-00 Vendor: ChinaMobile Tested on: Debian Linux Shodan dork- title:PLC CVE: None Description: PLC Wireless Router's are...
IP Finder 1.5 - Denial of Service (PoC)
Exploit Title: IP Finder 1.5 - Denial of Service PoC Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-12 Software Link: https://securimport.com/university/index.php/videovigilancia-ip/software/429-ip-finder Tested Version: 1.5 Tested on OS: Windows XP...
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE', 'Description' = %q An unauthenticated attacker with network...
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-12 Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested...
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DIRECTX-SDK-XACT.EXE-TROJAN-FILE-CODE-EXECUTION.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ============= www.microsoft.com Product ===========...
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
Exploit Title: IBM Sterling B2B Integrator persistent cross-site scripting Exploit Author: Vikas Khanna https://www.linkedin.com/in/leetvikaskhanna/ https://twitter.com/MRSHANUKHANNA Vendor Homepage:...
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
Exploit Title : Acunetix Web Vulnerability Scanner 10.0 Build 20150623 - Denial of Service PoC Discovery by: Javier Enrique Rodriguez Gutierrez Discovery Date : 2018-08-11 Vendor Homepage: https://www.acunetix.com Tested Version : 10.0 Vulnerability Type : Denial of Service PoC Tested on OS :...
Android - Directory Traversal over USB via Injection in blkid Output
When a USB mass storage device is inserted into an Android phone even if the phone is locked!, vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the partitions on the connected device and collect some information about them, which...
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...
MyBB Like Plugin 3.0.0 - Cross-Site Scripting
Exploit Title: MyBB Like Plugin 3.0.0 - Cross-Site Scripting Date: 2018-08-01 Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=360 Version: 3.0.0 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: This plugin allows users to thank/like other users...
MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting
Exploit Title: MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting Date: 8/1/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=360 Version: 3.0.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14888 1. Description: This plugin...
Zimbra 8.6.0_GA_1153 - Cross-Site Scripting
Exploit Title: Xss Zimbra Mail server Google Dork: Date: 2018/08/10 Exploit Author: Dinbar78 Vendor Homepage: https://www.zimbra.com/ Version: 8.6.0GA1153 build 20141215151110 bug 103609 or CVE-2016-3411 Payload: es. https:// zimbrasite/h/changepass?skin="alert'hacked';...
iSmartViewPro 1.5 - 'Password' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'Password' Buffer Overflow Discovery by: Javier Enrique Rodriguez Gutierrez Discovery Date: 2018-08-09 Vendor Homepage: https://securimport.com/ Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested...
reSIProcate 1.10.2 - Heap Overflow
''' CVE ID: CVE-2018-12584 TIMELINE Bug report with test code sent to main reSIProcate developers: 2018-06-15 Patch created by Scott Godin: 2018-06-18 CVE ID assigned: 2018-06-19 Patch committed to reSIProcate repository: 2018-06-21 Advisory first published on website: 2018-06-22 Advisory sent to...
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Information Disclosure Date: 2018-08-09 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link: https://www.tp-link.com/download/Archer-C50V3.htmlFirmware...
Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)
Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.29 - 6.42 Tested on: Metasploit...
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Remote Reboot Date: 2018-08-09 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link: https://www.tp-link.com/download/Archer-C50V3.htmlFirmware Firmware...
Soroush IM Desktop App 0.17.0 - Authentication Bypass
Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Date: 2018-08-08 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on: Windows 10 1803 and windows server 2016 14393 Securi...
Linux Kernel 4.14.7 (Ubuntu 16.04 / CentOS 7) - (KASLR & SMEP Bypass) Arbitrary File Read
// A proof-of-concept exploit for CVE-2017-18344. // Includes KASLR and SMEP bypasses. No SMAP bypass. // No support for 1 GB pages or 5 level page tables. // Tested on Ubuntu xenial 4.4.0-116-generic and 4.13.0-38-generic // and on CentOS 7 3.10.0-862.9.1.el7.x8664. // // gcc pwn.c -o pwn // // ...
osTicket 1.10.1 - Arbitrary File Upload
Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details: osTicket application provides a...
iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow Author: Rodrigo Eduardo Rodriguez Discovery Date: 2018-08-07 Vendor Homepage: https://securimport.com/ Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested Version: 1....
LG-Ericsson iPECS NMS 30M - Directory Traversal
Exploit Title: LG-Ericsson iPECS NMS 30M - Directory Traversal Shodan Dork: iPECS CM Exploit Author: Safak Aslan Software Link: www.ipecs.com Version: 30M-B.2Ia and 30M-2.3Gn Authentication Required: No Tested on: Linux CVE: N/A Description The directory traversal was detected on LG-Ericsson's...
iSmartViewPro 1.5 - 'Account' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'Account' Buffer Overflow Discovery by: Alan Joaquín Baeza Meza Discovery Date: 2018-08-07 Vendor Homepage: http://www.securimport.com/n/en/ Software Link: https://securimport.com/university/index.php/videovigilancia-ip/software/493-software-ismartviewpro-v1-5...
TP-Link Wireless N Router WR840N - Denial of Service (PoC)
Exploit Title:- TP-Link Wireless N Router WR840N - Denial of Service PoC Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version: TP-Link Wireless N Router WR840N Category: Hardware Exploit...
OpenEMR 5.0.1.3 - Remote Code Execution (Authenticated)
Title: OpenEMR 5.0.1.3 - Remote Code Execution Authenticated Author: Cody Zacharias Date: 2018-08-07 Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Dockerfile: https://github.com/haccer/exploits/blob/master/OpenEMR-RCE/Dockerfile...
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Request ForgeryAccount Hijacking Date: 2018-08-04 Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Product Name: Monstra-dev Version: 3.0.4 Tested on: Windows 10 Firefox/Chrome CVE : N/A 1. Description CSRF vulnerability in...
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)
%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Exploit Title: Foxit Reader 9.0.1.1049 - Buffer Overflow ASLRDEP Date: 2018-08-04 Exploit Author: Manoj Ahuje Tested on: Windows 7 Pro x32 Software Link:...
QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)
Exploit Title : QNap QVR Client 5.0.3.23100 - Denial of Service PoC Discovery by : Rodrigo Eduardo Rodriguez Discovery Date : 2018-08-06 Vendor Homepage: http://www.qnapsecurity.com/n/en/ Software Link : http://download.qnap.com/Surveillance/Utility/QNewMon5.zip Tested Version : 5.0.3.23100...
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Cross-Site Request Forgery Add Admin Google Dork: Powered by onArcade v2.4.2 Date: 2018/August/4 Author: r3m0t3nu11Zero-way Software Link: "http://www.onarcade.com" Version: "Uptodate" the application is vulnerable to CSRF attack No CSRF token in place meaning that if an admin use...
AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)
Exploit Title: AgataSoft Auto PingMaster 1.5 - Buffer Overflow SEH Date: 2018-08-03 Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: AgataSoft Auto PingMaster 1.5 Vendor Homepage: http://agatasoft.com/ Version: 1.5 Software Link : http://agatasoft.com/PingMaster.exe Tested Windows 7 SP1 x...
Subrion CMS 4.2.1 - Cross-Site Scripting
Exploit Title: Subrion CMS- 4.2.1 XSS Using component with known Vulnerability Date: 02-08-2018 Exploit Author: Zeel Chavda Vendor Homepage: https://subrion.org/ Software Link: https://subrion.org/download/ Version: 4.2.1 REQUIRED Tested on: Windows,FireFox CVE : CVE-2018-14840 Steps: - 1. Create...