47885 matches found
CSV Import & Export 1.1.0 - SQL Injection / Cross-Site Scripting
Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/21105509 Version: 1.1.0 Category: Webapps Tested on: Kali Linux...
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions. Tested on: Kali Linux CVE: CVE-2015-2177...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...
Yosoro 1.0.4 - Remote Code Execution
Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version: 1.0.4 Tested on: MacOS 10.13.4 CVE:...
SearchBlox 8.6.6 - Cross-Site Request Forgery
Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windows CVE: CVE-2018-11538 1. DETAILS Using...
Dolibarr ERP/CRM 7.0.0 - (Authenticated) SQL Injection
CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The application does not handle user input properly and allows...
Procps-ng - Multiple Vulnerabilities
Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged process hiding 3. Local Privilege...
Facebook Clone Script 1.0.5 - 'search' SQL Injection
Exploit Title: Facebook Clone Script 1.0.5 - 'search' SQL Injection Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 POC : SQLi : Parameter : search Type : Union based Payload : 1' UNION SELECT...
IssueTrak 7.0 - SQL Injection
================ Exploit Title: SQL Injection Vulnerability in Issue Trak = 7.0 Possibly applicable up to version 9.7 Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; = 7.0 extremely likely; up to 9.7 very likely Google Dork: inurl:"IssueTrak" inurl:"asp" Discovered...
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected version: 0.99 Summary: GNU Barcode is a...
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
Exploit Title: Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 Description : Facebook Clone Script 1.0.5 has csrf vulnerability which attacker ca...
NUUO NVRmini2 / NVRsolo - Arbitrary File Upload
Exploit Title: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Google Dork: intitle:NUUO Network Video Recorder Login Date: 2018-05-20 Exploit Author: M3@Pandas Vendor Homepage: http://www.nuuo.com Software Link: N/A Version: all Tested on: PHP Linux CVE : CVE-2018-11523...
Sitemakin SLAC 1.0 - 'my_item_search' SQL Injection
Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi LinuXx64 Proof of Concept:...
Pivotal Spring Java Framework < 5.0 - Remote Code Execution
Pivotal Spring Java Framework Vendor Homepage: https://pivotal.io/agile/press-release/pivotal-releases-spring-framework-for-modern-java-application-development CVE: CVE-2018-1270 Version: = 5.0.x Description: By connecting to spring STOMP, and putting the key for "selector" header, we can...
GNU Barcode 0.99 - Memory Leak
GNU Barcode 0.99 - Memory Leak Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Affected version: 0.99 Tested on: Ubuntu 16.04.4 Author: Gjoko 'LiquidWorm' Krstic Summary: GNU Barcode is a tool ...
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-11532 1...
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
log"--- trying kernel exploit --"; function mallocsz var backing = new Uint8Array0x10000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x10000+sz4; window.nogc.pushbacking; var ptr =...
Linux/x86 - Bind (5555/TCP) Shell Shellcode (98 bytes)
Linux/x86 - Bind 5555/TCP Shell Shellcode 98 bytes. Shellcode exploit for Linuxx86 platform include include / ; Bind TCP Shellcode ; Copyright 2018, Luca Di Domenico ; ; This program is free software: you can redistribute it and/or modify ; it under the terms of the GNU General Public License as...
ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)
Exploit Title: ALFTP 5.31 - Local Buffer Overflow SEH Bypass Exploit Author: Gokul Babu Vendor Homepage: http://www.altools.com/downloads/alftp.aspx Vulnerable Software: http://advert.estsoft.com/?event=201001127730323 Tested on: Windows XP Professional SP3 -Version-2002 Steps to reproduce-1: eip...
Sony Playstation 4 (PS4) 5.07 - 'Jailbreak' WebKit / 'bpf v2' Kernel Loader
PS4 5.05 Kernel Exploit --- Summary In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking and kernel-level modifications to the system. This exploit also contai...
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/jcart-for-opencart/ Vendor Homepage:...
Joomla! Component Full Social 1.1.0 - 'search_query' SQL Injection
Exploit Title: Joomla! extension Full Social 1.1.0 - 'searchquery' SQL Injection Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extension/full-social/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version: 1.1.0 Tested on...
wityCMS 0.6.1 - Cross-Site Scripting
Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1 Version: 0.6.1 Tested on:...
DomainMod 4.09.03 - 'sslpaid' Cross-Site Scripting
Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod...
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery
Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/e-commerce-integrations/joomocshop/ Vendor Homepage:...
WordPress Plugin Events Calendar - SQL Injection
Exploit Title: Wordpress Plugin Events Calendar - SQL Injection Dork: N/A Date: 2018-05-27 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-events-calendar-plugin/5025660 Version: 1.0 Category: Webapps Tested on: Kali linux Description : An...
DomainMod 4.09.03 - 'oid' Cross-Site Scripting
Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.0...
CloudMe Sync < 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflow with DEP Bypass + CloudMe Target IP 192.168.12.4...
TP-Link TL-WR840N/TL-WR841N - Authentication Bypass
Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n Hardware: TL-WR841N v13 00000013 Version : Firmwar...
Lyrist - 'id' SQL Injection
Exploit Title: Lyrist - Music Lyrics Script - SQL Injection Date: 2018-05-26 Exploit Author: Meisam Monsef - [email protected] - @meisamrce Vendor Homepage: https://www.codester.com/items/7250/lyrist-music-lyrics-script Version: All Version Exploit :...
Werewolf Online 0.8.8 - Information Disclosure
Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link: https://apkpure.com/werewolf-online-unreleased/com.werewolfapps.online/download?from=details Exploit Author: ManhNho Version...
Bitmain Antminer D3/L3+/S9 - Remote Command Execution
Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution Google Dork: N/A Date: 27/05/2018 Exploit Author: Corrado Liotta Vendor Homepage: https://www.bitmain.com/ Software Link: N/A Version: Antminer - D3, L3+, S9, and other Tested on: Windows/Linux CVE :...
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dork : Use You Mind :D Email : [email protected] Video :...
Baby Names Search Engine 1.0 - 'a' SQL Injection
Exploit Title: Baby Names Search Engine v1.0 - 'a' SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaGeni Vendor Homepage: https://codecanyon.net/item/baby-names-search-engine/11864316 Version: 2.0 Category: Webapps Tested on: Kali linux Description :...
My Directory 2.0 - SQL Injection / Cross-Site Scripting
Exploit Title: My Directory 2.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/my-directory/15859886 Version: 2.0 Category: Webapps Tested on: Kali linux Description : The vulnerability allow...
ClipperCMS 1.3.3 - Cross-Site Scripting
Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field Date: 05/27/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://www.clippercms.com/ Software Link: https://github.com/ClipperCMS/ClipperCMS/releases/tag/clipper1.3.3 Version: 1.3.3 Tested on:...
BookingWizz Booking System 5.5 - 'id' SQL Injection
Exploit Title: BookingWizz Booking System 5.5 - 'bs-services-add.php' SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/booking-system/87919 Version: 5.5 Category: Webapps Tested on: Kali linux Description : The service...
Listing Hub CMS 1.0 - SQL Injection
Exploit Title: Listing Hub CMS 1.0 - Multiple SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/listing-hub-cms-directory-listings-theme/21361294 Version: 1.0 Category: Webapps Tested on: Kali linux Description : An...
Ingenious School Management System - 'id' SQL Injection
Exploit Title: Ingenious School Management System - SQL Injection Date: 2018-05-26 Exploit Author: Meisam Monsef - [email protected] - @meisamrce Vendor Homepage: https://www.codester.com/items/4945/ingenious-school-management-system Version: All Version Exploit :...
WordPress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting
Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 26.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-booking-calendar/4639530 Version: 3.0.0 Category: Webapps Tested on:...
EasyService Billing 1.0 - 'q' SQL Injection
Exploit Title: EasyService Billing 1.0 SQL Injection on page jobcard-ongoing.php?q= Date: 25-05-2018 Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Exploit Author: Divya Jain Version: EasyService Billing 1.0 CVE:...
Ajax Full Featured Calendar 2.0 - 'search' SQL Injection
Exploit Title: Ajax Full Featured Calendar 2.0 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ajax-full-featured-calendar-2/10158465 Version: 2.0 Category: Webapps Tested on: Kali linux Description : The...
EasyService Billing 1.0 - Cross-Site Scripting
Exploit Title: EasyService Billing 1.0 Cross-Site Scripting in 'q' Parameter Date: 25-05-2018 Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Exploit Author: Divya Jain Version: EasyService Billing 1.0 CVE: CVE-2018-11443...
mySurvey 1.0 - 'id' SQL Injection
Exploit Title: mySurvey 1.0 - 'statistic.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysurvey/6794645 Version: 1.0 Category: Webapps Tested on: Kali linux Description : You can see the notifications on the le...
EasyService Billing 1.0 - Cross-Site Request Forgery
history.pushState'', '', '/' input type="hidden" nam...
Employee Work Schedule 5.9 - 'cal_id' SQL Injection
Exploit Title: EWS 5.9 - 'search' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/employee-work-schedule-multicalendar/10545683 Version: 5.9 Category: Webapps Tested on: Kali linux Description : The vulnerability allo...
easyLetters 1.0 - 'id' SQL Injection
Exploit Title: easyLetters 1.0 - 'id' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyletters/5281396 Version: 1.0 Category: Webapps Tested on: Kali linux ==================================================== Demo ...
Symfony 2.7.0 < 4.0.10 - Denial of Service
The PDOSessionHandler class allows to store sessions on a PDO connection. Under some configurations see below and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources. An application is vulnerable when: - It is using...
KomSeo Cart 1.3 - 'my_item_search' SQL Injection
Exploit Title: KomSeo Cart 1.3 - 'edit.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: SITEMAKIN Vendor Homepage: https://sitemakin.com Version: 1.3 Category: Webapps Tested on: Kali linux Description : The vulnerability allows an attacker to inject...
Skia and Firefox - Integer Overflow in SkTDArray Leading to Out-of-Bounds Write
Skia bug report: https://bugs.chromium.org/p/skia/issues/detail?id=7674 Mozilla bug report: https://bugzilla.mozilla.org/showbug.cgi?id=1441941 In Skia, SkTDArray stores length fCount and capacity fReserve as 32-bit ints and does not perform any integer overflow checks. There are a couple of...