47904 matches found
CyberArk < 10 - Memory Disclosure
Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012, Windows 7, Windows 8, Windows 10...
Brother HL Series Printers 1.15 - Cross-Site Scripting
Exploit Title: XSS at Brother HL series printers Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: Brother HL series printers. Tested on: Mozilla FireFox Reflected XSS Payload : "--!" Description : Starting searching for printers...
EMS Master Calendar < 8.0.0.20180520 - Cross-Site Scripting
Exploit Title: EMS Master Calendar alert'XSS'xyz...
Zip-n-Go 4.9 - Buffer Overflow (SEH)
!/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : http://mc1soft.com/index.shtml Vulnerable Software...
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows UAC Protection Bypass Via Slui File Handler Hijack', 'Description' =...
Smartshop 1 - 'id' SQL Injection
Exploit Title: Smartshop 1 - SQL Injection Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version: 1 Tested on...
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11671 An issue was discovered in GreenCMS v2.3.0603...
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution
Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue was discovered in GreenCMS v2.3.0603...
Smartshop 1 - Cross-Site Request Forgery
Exploit Title: Smartshop 1 - Cross site request forgery Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage: https://www.behance.net/gallery/49080415/Smartshop-Free-e-commerce-website Version...
Git < 2.17.1 - Remote Code Execution
Git Vendor Homepage: https://github.com/git/git CVE: CVE-2018-11235 Version: =2.17.1 Tested on Kali Linux P0C: Create two files: pwned.sh: the file which will contain our commands to be executed commit.sh the fole which contain a normal build with a bit of calls to our pwned.sh file add the...
Epiphany 3.28.2.1 - Denial of Service
Summary: ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call, CVE-2018-11396 was assigned to this...
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion
/ function optw, arr arr0 = 1.1; let res = w.event; arr0 = 2.3023e-320; return res; let arr = 1.1; for let i = 0; i ::EntrySimpleObjectSlotGetter 00007fffd5cf3d50 // w.event 000001a880001235 48ffd0 call rax 000001a880001238 488b8e30bdf0ff mov rcx,qword ptr rsi-0F42D0h 000001a88000123f f2480f10415...
TAC Xenta 511/911 - Directory Traversal
Exploit Title: TAC Xenta 511 and 911 Credentials Disclosure Date: 25.05.2018 Exploit Author: Marek Cybul Vendor Homepage: https://download.schneider-electric.com/files?pFileName=TACXenta911SDS-XENTA911.pdf Version: 5.17 Schneider Electric TAC Xenta 911 and 511 PLCs Directory traversal in help...
Linux/ARM - Egghunter + /bin/sh Shellcode (32 bytes)
Linux/ARM - Egghunter + /bin/sh Shellcode 32 bytes. Shellcode exploit for ARM platform / Linux/ARM Raspberry Pi - Egghunter + /bin/sh Shellcode 32 bytes ------------------------------ // If your shellcode in higer address, use following egghunter. pi@raspberrypi: $ cat egghunter-higher.s .section...
Linux/x86 - Bind (4444/TCP) Shell Shellcode (105 bytes)
Linux/x86 - Bind 4444/TCP Shell Shellcode 105 bytes. Shellcode exploit for Linuxx86 platform / ; Filename: tcpbindshellcodelight.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: binds on TCP port 4444 and spawn a shell on incoming...
Linux/x86 - EggHunter + access() Shellcode (38 bytes)
Linux/x86 - EggHunter + access Shellcode 38 bytes. Shellcode exploit for Linuxx86 platform / ; Filename: egghunter.nasm ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Blog post: https://codiceinsicuro.it/slae/ ; Twitter: @thesp0nge ; SLAE-ID: 1217 ; Purpose: This is the first stage...
Grid Pro Big Data 1.0 - SQL Injection
Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage: https://codecanyon.net/item/grid-pro-big-data-table-view-data-grid-with-sort-search-and-filter-for-large-mysql-tables/20395348 Version: 1.0 Category: Webapps...
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting
Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Tested on: Kali Linux...
PHP Dashboards NEW 5.5 - 'email' SQL Injection
Exploit Title: PHP Dashboards NEW v5.5 - 'Login' SQL Injection Dork: N/A Date: 31.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: 5.5 Category: Webapps Tested on: Kali...
New STAR 2.1 - SQL Injection / Cross-Site Scripting
Exploit Title: New STAR 2.1 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/new-star-listen-youtube-music/7486113 Version: 2.1 Category: Webapps Tested on: Kali Linux Descripti...
SearchBlox 8.6.6 - Cross-Site Request Forgery
Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windows CVE: CVE-2018-11538 1. DETAILS Using...
Procps-ng - Multiple Vulnerabilities
Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege...
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions. Tested on: Kali Linux CVE: CVE-2015-2177...
Yosoro 1.0.4 - Remote Code Execution
Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-11532 1...
GNU Barcode 0.99 - Memory Leak
GNU Barcode 0.99 - Memory Leak Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Affected version: 0.99 Tested on: Ubuntu 16.04.4 Author: Gjoko 'LiquidWorm' Krstic Summary: GNU Barcode is a tool ...
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
Exploit Title: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Google Dork: intitle:NUUO Network Video Recorder Login Date: 2018-05-20 Exploit Author: M3@Pandas Vendor Homepage: http://www.nuuo.com Software Link: N/A Version: all Tested on: PHP Linux CVE : CVE-2018-11523...
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected version: 0.99 Summary: GNU Barcode is a...
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
Exploit Title: Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 Description : Facebook Clone Script 1.0.5 has csrf vulnerability which attacker ca...
Facebook Clone Script 1.0.5 - 'search' SQL Injection
Exploit Title: Facebook Clone Script 1.0.5 - 'search' SQL Injection Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 POC : SQLi : Parameter : search Type : Union based Payload : 1' UNION SELECT...
IssueTrak 7.0 - SQL Injection
================ Exploit Title: SQL Injection Vulnerability in Issue Trak = 7.0 Possibly applicable up to version 9.7 Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; = 7.0 extremely likely; up to 9.7 very likely Google Dork: inurl:"IssueTrak" inurl:"asp" Discovered...
Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)
Linux/x86 - Bind 5555/TCP Shell Shellcode 98 bytes. Shellcode exploit for Linuxx86 platform include include / ; Bind TCP Shellcode ; Copyright 2018, Luca Di Domenico ; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as...
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
Exploit Title: Joomla! extension Full Social 1.1.0 - 'searchquery' SQL Injection Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extension/full-social/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 1.1.0 Tested on...
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery
Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/joomocshop/ Vendor Homepage:...
WordPress Plugin Events Calendar - SQL Injection
Exploit Title: Wordpress Plugin Events Calendar - SQL Injection Dork: N/A Date: 2018-05-27 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-events-calendar-plugin/5025660 Version: 1.0 Category: Webapps Tested on: Kali linux Description : An...
TP-Link TL-WR840N/TL-WR841N - Authenticaton Bypass
Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...
DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting
Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod...
CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflow with DEP Bypass + CloudMe Target IP 192.168.12.4...
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
log"--- trying kernel exploit --"; function mallocsz var backing = new Uint8Array0x10000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x10000+sz4; window.nogc.pushbacking; var ptr =...
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
PS4 5.05 Kernel Exploit --- Summary In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contai...
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/jcart-for-opencart/ Vendor Homepage:...
ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)
Exploit Title: ALFTP 5.31 - Local Buffer Overflow SEH Bypass Exploit Author: Gokul Babu Vendor Homepage: http://www.altools.com/downloads/alftp.aspx Vulnerable Software: http://advert.estsoft.com/?event=201001127730323 Tested on: Windows XP Professional SP3 -Version-2002 Steps to reproduce-1: eip...
DomainMod 4.09.03 - 'oid' Cross-Site Scripting
Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.0...
wityCMS 0.6.1 - Cross-Site Scripting
Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...
Werewolf Online 0.8.8 - Information Disclosure
Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link: https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details Exploit Author: ManhNho Version...
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dork : Use You Mind :D Email : [email protected] Video :...