47904 matches found
WordPress Plugin Comments Import & Export < 2.0.4 - CSV Injection
Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected Version: 2.0.4 and before Category: Plugins and Extensions...
DIGISOL DG-BR4000NG - Cross-Site Scripting
Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta Basu Contact :...
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode this is enforced by hardware. However, for code running in L...
Foxit Reader 9.0.1.1049 - Remote Code Execution
%PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
Ecessa ShieldLink SL175EHQ < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4, 10.6.5.2, 10.5.4, 10.2.24, 9.2.24 Summary: Ecessa's ShieldLink 60, 175, 600,12...
Travel Agency 1.1 - 'cid' SQL Injection
Travel Agency 1.1 - 'cid' SQL Injection. Webapps exploit for PHP platform Exploit Title: Travel Agency 1.1 - 'cid' SQL Injection Data: 2018-06-23 Exploit Author: Ashkan Moghaddas Tested on: Windows - Linux Google Dork: N/A CVE: N/A Vulnerable Page: /add.city.php Vulnerable Source:...
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Date: 2018-06-23 Exploit Author: Wadeek Vendor Homepage: https://www.asus.com/ Firmware Link: http://dlcdnet.asus.com/pub/ASUS/wireless/RT-AC750GF/FWRTAC750GF30043806038.zip Firmware Version: 3.0.0.4.380.6038...
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date 2018-06-24 Vendor Homepage† http://www.digisol.com Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Category Hardware Exploit Author Adipta Basu...
Ecessa WANWorx WVR-30 < 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Exploit title: Ecessa WANWorx WVR-30 input type="hidden" nam...
WordPress Plugin iThemes Security < 7.0.3 - SQL Injection
Exploit Title: WordPress Plugin iThemes Securitybetter-wp-security = 7.0.2 - Authenticated SQL Injection Date: 2018-06-25 Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link: https://wordpress.org/plugins/better-wp-security/...
QEMU Guest Agent 2.12.50 - Denial of Service
Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50 CVE : CVE-2018-12617 QEMU Guest Agent 2.12.5...
Opencart < 3.0.2.0 - Denial of Service
!/usr/bin/perl -w Opencart https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Tested store with added more than 1000 products todor@adamantium cartkiller torsocks perl killcart.pl example.com Opencart = 3.0.2.0 googlesitemap Remote Denial of Service resource exhaustion Connecting...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link: https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE481.tar.gz Version: 4.8.0, 4.8.1 Tested on: php7 mysql5 CVE :...
GreenCMS 2.3.0603 - Information Disclosure
Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information Date: 2018-06-21 Exploit Author: vrsystem Vendor Homepage: https://github.com/GreenCMS/GreenCMS/ Software Link: https://github.com/GreenCMS/GreenCMS/ Version: GreenCMS 2.3.0603 Tested on: windows 7 CVE : CVE-2018-12604...
phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection (Username)
Exploit Title: phpLDAPadmin 1.2.2 - 'serverid' LDAP Injection Username Google Dork:N/A Date: 21.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Version: 1.2.2 Tested on: Pardus / Debian Web Server CVE : N...
Dell EMC RecoverPoint < 5.1.2 - Remote Root Command Execution
Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB: https://support.emc.com/kb/521234 Github:...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip The problem appears in /index.php Find 5563 lines Line 61 contains include $REQUEST'target'; This is obviously LFI precursor, as long as we bypass the 55 to 59 restrictions on the line Lin...
Dell EMC RecoverPoint < 5.1.2 - Local Root Command Execution
Exploit Title: Dell EMC RecoverPoint &2 root@recoverpoint:/ id uid=0root gid=0root groups=0root root@recoverpoint:/...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)
Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: users can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html Version: 3.7.0 CVE : CVE-2018-12602 A...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link: http://www.lfdycms.com/home/down/index/id/26.html Version: 3.7.0 CVE :...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge applications calls CreateAppContainerToken while running as a privileged account leading to creation of...
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Windows: Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual registry for desktop bridge applications can allow an application to create arbitrary files as...
Mirasys DVMS Workstation 5.12.6 - Path Traversal
Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6...
NewMark CMS 2.1 - 'sec_id' SQL Injection
Exploit Title: NewMark CMS 2.1 - SQL Injection secid Google Dork: /catalog/?sectid= Date: 2018-06-20 Exploit Author: Berk Dusunur Vendor Homepage: https://nmark.ru/ Software Link: https://nmark.ru/razrabotka/korporativniy-sayt/ Version: v2.1 Tested on: Pardus CVE : N/A Prof Of Consept sec id...
TP-Link TL-WA850RE - Remote Command Execution
!/usr/bin/env python Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution Date: 19/06/2018 Exploit Author: yoresongo - Advisability S.A.S Colombia www.advisability.co Vendor Homepage: https://www.tp-link.com/ Firmware Link:...
VideoInsight WebClient 5 - SQL Injection
Title: VideoInsight WebClient 5 - SQL Injection Date: 2018-05-06 Author: vosec Vendor Homepage: https://www.security.us.panasonic.com/ Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/ Version: 5 Tested on: Windows Server 2008 R2 CVE: N/A Description: This...
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11 CVE : CVE-2018-12327 Stack-based buffer...
Redis 5.0 - Denial of Service
Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the xgroupCommand function in tstream.c in...
Apache CouchDB < 2.1.0 - Remote Code Execution
Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on: Debian CVE : CVE-2017-12636 References:...
IPConfigure Orchid VMS 2.0.5 - Directory Traversal / Information Disclosure (Metasploit)
require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote, unauthenticated attacker to send crafted GET requests to the application, which results in th...
MaDDash 2.0.2 - Directory Listing
Exploit Title: MaDDash 2.0.2 - Directory Listing Date: 2018-06-18 Vendor: perfSONAR Download Link: https://github.com/esnet/maddash/archive/master.zip Version: 2.0.2 Exploit Author: ManhNho CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525 Category: Webapps Tested on: Windows 7 ---...
Redatam Web Server < 7 - Directory Traversal
Exploit Title: Redatam Web Server R+SP WebUtilities Exception Error Number 401 Error Message File not found in folder C:\wamp\apps\redatam\redbin\ - blablabla Script directory /wamp/a...
Audiograbber 1.83 - Local Buffer Overflow (SEH)
Exploit Title: Audiograbber 1.83 - Local Buffer Overflow SEH Date: 2018-06-16 Exploit Author: Dennis 'dhn' Herrmann Vendor Homepage: https://www.audiograbber.org/ Version: 1.83 Tested on: Windows 7 SP1 x86 !/usr/bin/env python $Id: exploit.py,v 1.0 2018/06/16 13:25:59 dhn Exp $ Tested with Window...
Microsoft COM for Windows - Privilege Escalation
Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to...
Redis-cli < 5.0 - Buffer Overflow (PoC)
Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow in redis-cli of Redis version 3.2, 4....
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)
Exploit Title: Joomla!Component jomres 9.11.2 - Cross site request forgery Date: 2018-06-15 Exploit Author: L0RD Vendor Homepage: https://www.jomres.net/ Software link: https://extensions.joomla.org/extension/jomres/ Software Download:...
RabbitMQ Web Management < 3.7.6 - Cross-Site Request Forgery (Add Admin)
Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit...
Pale Moon Browser < 27.9.3 - Use After Free (PoC)
Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList';...
Nikto 2.1.6 - CSV Injection
Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linux 4.14 x64 CVE :...
Dimofinf CMS 3.0.0 - Cross-Site Scripting
Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-13 Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS" web-application. The vulnerability is located in t...
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 1803 Security Issue: Attackers can unloc...
OEcms 3.1 - Cross-Site Scripting
Title: OEcms 3.1 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-15 Software: OEcms v3.1 CVE: CVE-2018-12095 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application. The vulnerability is locate...
Joomla! Component Ek Rishta 2.10 - SQL Injection
Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download: https://extensions.joomla.org/extension/ek-rishta/ CVE: CVE-2018-12254...
rtorrent 0.9.6 - Denial of Service
Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connect'1.3.3.7', 6890...
glibc - 'realpath()' Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "glibc 'realpath' Privilege Escalation", 'Description' = %q This module attempts to gain root privileges on Linux systems by abusing a vulnerabili...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell Automation RSLinx Classic 3.90.01 Rockwell Automation RSLinx Classic...
DHCP Client - Command Injection 'DynoRoot' (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'DHCP Client Command Injection DynoRoot', 'Description' = %q This module exploits the DynoRoot vulnerability, a flaw in how the NetworkManager...
MACCMS 10 - Cross-Site Request Forgery (Add User)
Exploit Title: MACCMSV10 CSRF vulnerability add admin account Date: 2018-06-11 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I found a CSRF vulnerability in maccmsv10,this...
Redaxo CMS Mediapool Addon < 5.5.1 - Arbitrary File Upload
Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and older Tested on: LinuxMint More: Login required PoC In the...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by impersonating the anonymous token leading to a security feature bypass...