LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html Version: 3.7.0 CVE :...
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in th...
Apache CouchDB < 2.1.0 - Remote Code Execution
Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as...
TP-Link TL-WA850RE - Remote Command Execution
!/usr/bin/env python Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution Date: 19/06/2018 Exploit Author: yoresongo - Advisability S.A.S Colombia www.advisability.co Vendor Homepage: https://www.tp-link.com/ Firmware Link:...
Redis 5.0 - Denial of Service
Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the xgroupCommand function in tstream.c in...
MaDDash 2.0.2 - Directory Listing
Exploit Title: MaDDash 2.0.2 - Directory Listing Date: 2018-06-18 Vendor: perfSONAR Download Link: https://github.com/esnet/maddash/archive/master.zip Version: 2.0.2 Exploit Author: ManhNho CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525 Category: Webapps Tested on: Windows 7 ---...
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11 CVE : CVE-2018-12327 Stack-based buffer...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of...
VideoInsight WebClient 5 - SQL Injection
Title: VideoInsight WebClient 5 - SQL Injection Date: 2018-05-06 Author: vosec Vendor Homepage: https://www.security.us.panasonic.com/ Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/ Version: 5 Tested on: Windows Server 2008 R2 CVE: N/A Description: This...
NewMark CMS 2.1 - 'sec_id' SQL Injection
Exploit Title: NewMark CMS 2.1 - SQL Injection secid Google Dork: /catalog/?sectid= Date: 2018-06-20 Exploit Author: Berk Dusunur Vendor Homepage: https://nmark.ru/ Software Link: https://nmark.ru/razrabotka/korporativniy-sayt/ Version: v2.1 Tested on: Pardus CVE : N/A Proof Of Concept sec id...
Mirasys DVMS Workstation 5.12.6 - Path Traversal
Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6...
Redis-cli < 5.0 - Buffer Overflow (PoC)
Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow in redis-cli of Redis version 3.2, 4....
Nikto 2.1.6 - CSV Injection
Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...
Redatam Web Server < 7 - Directory Traversal
Exploit Title: Redatam Web Server R+SP WebUtilities Exception Error Number 401 Error Message File not found in folder C:\wamp\apps\redatam\redbin\ - blablabla Script directory /wamp/a...
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit...
Pale Moon Browser < 27.9.3 - Use After Free (PoC)
Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList';...
Microsoft COM for Windows - Privilege Escalation
Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...
Audiograbber 1.83 - Local Buffer Overflow (SEH)
Exploit Title: Audiograbber 1.83 - Local Buffer Overflow SEH Date: 2018-06-16 Exploit Author: Dennis 'dhn' Herrmann Vendor Homepage: https://www.audiograbber.org/ Version: 1.83 Tested on: Windows 7 SP1 x86 !/usr/bin/env python $Id: exploit.py,v 1.0 2018/06/16 13:25:59 dhn Exp $ Tested with Window...
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)
Exploit Title: Joomla!Component jomres 9.11.2 - Cross site request forgery Date: 2018-06-15 Exploit Author: L0RD Vendor Homepage: https://www.jomres.net/ Software link: https://extensions.joomla.org/extension/jomres/ Software Download:...
OEcms 3.1 - Cross-Site Scripting
Title: OEcms 3.1 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-15 Software: OEcms v3.1 CVE: CVE-2018-12095 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application. The vulnerability is locate...
Dimofinf CMS 3.0.0 - Cross-Site Scripting
Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-13 Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS" web-application. The vulnerability is located in t...
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 1803 Security Issue: Attackers can unloc...
rtorrent 0.9.6 - Denial of Service
Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...
Joomla! Component Ek Rishta 2.10 - SQL Injection
Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage: https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download: https://extensions.joomla.org/extension/ek-rishta/ CVE: CVE-2018-12254...
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload
Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMint More: Login required PoC In the...
DHCP Client - Command Injection 'DynoRoot' (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager...
glibc - 'realpath()' Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain root privileges on Linux systems by abusing a vulnerabili...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01 Rockwell Automation RSLinx Classic...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...
MACCMS 10 - Cross-Site Request Forgery (Add User)
Exploit Title: MACCMSV10 CSRF vulnerability add admin account Date: 2018-06-11 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I found a CSRF vulnerability in maccmsv10, this...
Canon LBP6030w - Authentication Bypass
Canon LBP6030w - Authentication Bypass. CVE-2018-12049. Webapps exploit for Hardware platform Exploit Title: Canon LBP6030w - Authentication Bypass Date: 2018-06-07 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP6030w Severity: High Leads to full System Manager Mode...
Joomla! Component EkRishta 2.10 - 'username' SQL Injection
Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 2.10 Tested on: Win 10 POC : SQLi : Parameter : username...
Canon PrintMe EFI - Cross-Site Scripting
Title: Canon PrintMe EFI - Cross-Site Scripting Date: 9.6.2018-06-09 Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla FireFox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
Canon LBP7110Cw - Authentication Bypass
Canon LBP7110Cw - Authentication Bypass. CVE-2018-12048. Webapps exploit for Hardware platform Exploit Title: Canon LBP7110Cw - Authentication Bypass Date: 2018-06-07 Exploit Author: Huy Kha Vendor Homepage: http://global.canon.com Version: LBP7110Cw CVE: CVE-2018-12049 Severity: High Leads to fu...
OX App Suite 7.8.4 - Multiple Vulnerabilities
Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by Vendor Fixed version: 7.6.3-rev30, 7.8.2-rev3...
WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection
Title: WordPress Ultimate Form Builder Lite Plugin getrow Vulnerable Variable: $POST'entryid' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body: entryid=ExploitCodeHere&wpnonce=xxx&action=ufblgetentrydetailaction Disclosure Timeline 2018/06/01 Vulnerabilities...
WordPress Plugin Google Map < 4.0.4 - SQL Injection
Title: WordPress Google Map Plugin getresults Vulnerable Variable: $GET'order' Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmpmanagelocation&orderby=locationaddress&order=asc PROCEDURE ANALYSEEXTRACTVALUE4242,CONCAT0x42,BENCHMARK42000000,MD50x42424242,42 SQL injection...
Schools Alert Management Script - 'get_sec.php' SQL Injection
Exploit Title: Schools Alert Management Script - 'getsec.php' SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
Siaberry 1.2.2 - Command Injection
Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage. The device is intended to give...
userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting
Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit log page !/usr/bin/perl use strict; use LWP::UserAgent;...
WordPress Plugin Pie Register < 3.0.9 - Blind SQL Injection
Title: WordPress Plugin Pie Register order = escsql $order ; IV. PROOF OF CONCEPT The following URLs have been confirmed to all suffer from Time Based SQL Injection. GET /wordpress/wp-admin/admin.php?page=pie-invitation-codes&orderby=name&order=desc original GET...
Schools Alert Management Script - Arbitrary File Deletion
Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
WebKitGTK+ < 2.21.3 - 'WebKitFaviconDatabase' Denial of Service (Metasploit)
Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' = %q This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in denial of service. , 'License' = MSFLICENSE, 'Author' = 'Dhiraj Mishra'...
Schools Alert Management Script - Arbitrary File Read
Exploit Title: Schools Alert Management Script - Arbitrary File Read Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
userSpice 4.3.24 - Username Enumeration
Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print"+ UserSpice 4.3.24 Username Enumeration" if lensys.argv != 3: print 'Usage:',...
Schools Alert Management Script - SQL Injection
Exploit Title: Schools Alert Management Script - SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
Event Manager Admin panel - 'events_new.php' SQL injection
Exploit Title: Event Manager PHP Script Admin panel - 'eventsnew.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 Tested on: windows 10 1...
Joomla! Component EkRishta 2.10 - 'cid' SQL Injection
Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection Dork: N/A Date: 08.06.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extension/ek-rishta/ Version: 2.10 Tested on: WiN7x64/ video : https://youtu.be/UWGFVUU9AU0 Exploit Author:...
XiongMai uc-httpd 1.0.0 - Buffer Overflow
Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on TCP/81 CVE ID: CVE-2018-10088 DISCLAIMER: Thi...