47885 matches found
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: The plugin allows moderators to save notes and display them...
Microsoft Edge Chakra - Cross Context Use-After-Free
f.onload = null; // Garbage collection for let i = 0; i 10; i++ new ArrayBuffer1024 1024 40; let obj = opt; // "opt" returns the freed string constant. ; // Closing the diffrent context f.src = 'about:blank'; But in fact, if you run the code, you will see an exception...
D-Link DSL-2750B - OS Command Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link DSL-2750B OS Command Injection', 'Description' = %q This module exploits a remote command injection vulnerability in D-Link DSL-2750B...
Oracle WebCenter Sites 11.1.1.8.0/12.2.1.x - Cross-Site Scripting
Exploit Title: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Dork: inurl:Satellite?c Date: 18.12.201 Exploit Author: Richard Alviarez Vendor Homepage: http://oracle.com Version: 7.x 11gR1 CVE: CVE-2018-2791 Category: Webapps Tested on: Kali linux...
SAP Internet Transaction Server 6200.x - Session Fixation / Cross-Site Scripting
Exploit Title: SAP Internet Transaction Server ITS 6200.X.X - Session Fixation/ Cross-Site Scripting Dork: /scripts/wgate/ Date: 25.05.2018 Exploit Author: J. Carrillo Lencina 0xd0m7 Vendor Homepage: https://www.sap.com Version: SAP ITS 6200.X.X Category: Webapps Tested on: All Platforms CVE:...
Oracle WebCenter FatWire Content Server < 7 - Improper Access Control
Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...
Timber 1.1 - Cross-Site Request Forgery
Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717 Version: 1.1 Tested on: Kali linux...
OpenDaylight - SQL Injection
OpenDaylight - SQL Injection. CVE-2018-1132. Webapps exploit for Java platform Exploit Title: OpenDaylight SQL Injection Date: 2018-05-24 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.opendaylight.org CVE: CVE-2018-1132 intro: OpenDaylight ODL is a modular open...
GNU glibc < 2.27 - Local Buffer Overflow
GNU glibc Vendor Homepage: http://www.gnu.org/ CVE: CVE-2018-11237 POC: $ cat mempcpy.c define GNUSOURCE 1 include include define N 97699 char aN; char bN+128; int main void memset a, 'x', N; char c = mempcpy b, a, N; assert c == 0; $ gcc -g mempcpy.c -o mempcpy -fno-builtin-mempcpy $ ./mempcpy...
PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting
Exploit Title: PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage: https://codecanyon.net/item/paulnews-newspaper-and-magazine-script/19260686 Version: v1.0 Category: Webapps Test...
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
Exploit Title: EU MRV Regulatory Complete Solution 1 - Authentication Bypass Date: 2018-05-24 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/eu-mrv-regulatory-complete-solution/21680923?srank=11 Version: v1 REQUIRED Tested on: Windows...
Honeywell XL Web Controller - Cross-Site Scripting
Exploit Title: Honeywell XL Web Controller - Cross-Site Scripting Date: 2018-05-24 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : XL1000C50 EXCEL WEB 52 I/O, XL1000C100 EXCEL WEB 104 I/O, XL1000C500 EXCEL WEB 300 I/O, XL1000C1000 EXCEL WEB 600 I/O,...
Linux/x86 - Reverse (10.10.2.4:4444/TCP) Shell Shellcode (68 bytes)
Linux/x86 - Reverse 10.10.2.4:4444/TCP Shell Shellcode 68 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Linux/x86 - Reverse TCP Shell Shellcode 68 bytes ; Date : May, 2018 ; Author : Nuno Freitas ; Blog Post : https://bufferoverflowed.wordpress.com ; Twitter : @nunof11 ; SLAE ID :...
ASP.NET jVideo Kit - 'query' SQL Injection
Exploit Title: ASP.NET jVideo Kit - 'query' SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaSoft Pro Vendor Homepage: https://www.mediasoftpro.com/video-sharing-script/mvc/ Version: v1.0 Category: Webapps Tested on: Kali linux Description : The...
Linux/x86 - Reverse (10.0.7.17:4444/TCP) Shell (/bin/sh) Shellcode (101 Bytes)
Linux/x86 - Reverse 10.0.7.17:4444/TCP Shell /bin/sh Shellcode 101 Bytes. Shellcode exploit for Linuxx86 platform / Name : Jonathan "Chops" Crosby Email : [email protected] Twitter : @securitychops Website : https://securitychops.com Blog Post :...
SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change
Exploit Title: SKT LTE Wi-Fi SDT-CW3B1 - Unauthorized Admin Credential Change Shodan Dork: SDT-CW3B1 Date: 2018-05-23 Exploit Author: Safak Aslan Vendor Homepage: http://telesquare.co.kr/ Version: SKT CW3B1 sw version 1.2.0 Tested on: Windows CVE: - Class: Unauthorized Admin Credential Change...
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 -...
WordPress Plugin Peugeot Music - Arbitrary File Upload
Exploit Title: Wordpress Plugin Peugeot Music - Arbitrary File Upload Google Dork: inurl:/wp-content/plugins/peugeot-music-plugin/ Date: 2018-05-23 Exploit Author: Mr.7z Vendor Homepage: - Software Link: - Version: 1.0 Tested on: Windows 10 64bit Home Edition Exploit:...
Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection
Exploit Title: Wecodex Hotel CMS 1.0 - 'Admin Login' SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/hotel-management-system-in-php-and-mysql/7 Version: 1.0 Category: Webapps Tested on...
SAT CFDI 3.3 - SQL Injection
Exploit Title: SAT CFDI 3.3 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com/item/view/verification-and-validation-system-sat-cfdi-33/8 Version: 3.3 Category: Webapps Tested on: Kali linux Description : PHP Dashboards is...
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection
Exploit Title: MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 - seventh update Category...
EasyService Billing 1.0 - SQL Injection / Cross-Site Scripting
Exploit Title: EasyService Billing 1.0 - 'template.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Version: 1.0...
MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Smart Reports 1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-smart-reports-online-report-generator-with-existing-data/16836503 Version: 1.0 Category: Webapps...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning information in WbXML. A malformed OMACP WAP push message can cause memory...
School Management System CMS 1.0 - 'username' SQL Injection
Exploit Title: School Management System CMS 1.0 - Admin Login SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/school-management-system-in-php-and-mysql/5 Version: 1.0 Category: Webapps...
Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection
Exploit Title: Wecodex Restaurant CMS 1.0 - 'Login' SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/restaurant-system-in-php-and-mysql/6 Version: 1.0 Category: Webapps Tested on: Kali...
FTPShell Server 6.80 - Denial of Service
Exploit Title: FTPShell Server 6.80 - Local Denial of Service Exploit Author: Hashim Jawad Date: 2018-05-23 Vendor Homepage: http://www.ftpshell.com/ Vulnerable Software: http://www.ftpshell.com/downloadserver.htm Tested on: Windows 7 Enterprise - SP1 x86 Steps to reproduce: under FTP user accoun...
Gigs 2.0 - 'username' SQL Injection
Exploit Title: Gigs v2.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/gigs-services-marketplace/20716059 Version: v2.0 Category: Webapps Tested on: Kali linux Description : PHP Dashboards is prone to a...
PHP Dashboards 4.5 - SQL Injection
Exploit Title: PHP Dashboards 4.5 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104 Version: v4.5 Category: Webapps Tested on: Kali linux Description: PHP...
FTPShell Server 6.80 - Buffer Overflow (SEH)
!/usr/bin/python ---------------------------------------------------------------------------------------------------------- Exploit Title : FTPShell Server v6.80 - Local Buffer Overflow SafeSEH Bypass Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : http://www.ftpshell.com/...
Linux/x86 - Bind (4444/TCP) Shell (/bin/sh) + IPv6 Shellcode (113 bytes)
Linux/x86 - Bind 4444/TCP Shell /bin/sh + IPv6 Shellcode 113 bytes. Shellcode exploit for Linuxx86 platform // Title: Linux/x86 - IPv6 TCP bind tcp shell on 4444 port // Length : 113 bytes // Author : Matteo Malvica // Tested On : kali linux 4.15 // Contact : [email protected] // Description: it...
Honeywell Scada System - Information Disclosure
Exploit Title: Honeywell Scada System - Information Disclosure Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.honeywell.com Version: WebVersion : 3.2.1.294365 - DeviceType : IPC-HFW2320R-ZS Tested on: Linux To be written after the destination IP address...
Shipping System CMS 1.0 - SQL Injection
Exploit Title: Shipping System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/shipping-system-by-parcel-in-php-and-mysql/4 Version: 1.0 Category: Webapps Tested on: Kali lin...
Siemens SCALANCE S613 - Remote Denial of Service
Exploit Title: Siemens SCALANCE S613 - Remote Denial of Service Date: 2018-05-23 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SCALANCE S613 MLFB: 6GK5613-0BA00-2AA3: All versions. Tested on: Kali Linux CVE: CVE-2016-3963 !/usr/bin/python import socket import sys i...
Mobile Card Selling Platform 1 - Cross-Site Request Forgery
Exploit Title: Mcard - Mobile Card Selling Platform 1 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC : CSRF POC document.forms0.submit;...
Online Store System CMS 1.0 - SQL Injection
Exploit Title: Online Store System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 Version: 1.0 Category: Webapps Tested on: Kali linux...
NewsBee CMS 1.4 - Cross-Site Request Forgery
NewsBee CMS 1.4 - Cross-Site Request Forgery. Webapps exploit for PHP platform Title: NewsBee CMS 1.4 - Cross-Site Request Forgery Author: indoushka Tested on: windows 10 Français V.Pro Vendor: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Dork: N...
eWallet Online Payment Gateway 2 - Cross-Site Request Forgery
Exploit Title: eWallet - Online Payment Gateway 2 - Cross-Site Request Forgery Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/ewallet-online-payment-gateway/19316332?srank=1110 Version: 2 Tested on: Kali linux POC : eWallet - Online Payment Gateway 2 suffers fr...
EasyService Billing 1.0 - 'p1' SQL Injection
Exploit Title: EasyService Billing 1.0 - 'customer-new-s.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Version:...
Library CMS 1.0 - SQL Injection
Exploit Title: Library CMS 1.0 - SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1 Version: 1.0 Category: Webapps Tested on: Kali linux...
PHP Dashboards 4.5 - 'email' SQL Injection
Exploit Title: PHP Dashboards v4.5 - Registration Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/php-dashboards-v40-collaborative-social-dashboards/19314871 Version: v4.5 Category: Webapps Tested on: Kali linux...
Mcard Mobile Card Selling Platform 1 - SQL Injection
Exploit Title: Exploit Title: Mcard Mobile Card Selling Platform 1 - SQL Injection Date: 2018-05-23 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/mcard-mobile-card-selling-platform/19307193?srank=15 Version: 1 Tested on: Kali linux POC 1 : Attacker can bypass admin panel...
Wecodex Store Paypal 1.0 - SQL Injection
Exploit Title: Wecodex Store Paypal 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-with-paypal-sdk-in-php/9 Version: 1.0 Category: Webapps Tested on: Kali linux Description : PHP...
GPSTracker 1.0 - 'id' SQL Injection
Exploit Title: GPSTracker v1.0 - Login Page SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.wecodex.com https://codecanyon.net/item/gpstracker-gps-trackgin-system/21873663 Version: 1.0 Category: Webapps Tested on: Kali linux...
MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Blob Uploader 1.7 - 'download.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 - seventh...
MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysql-file-and-image-uploader-and-sharing-blob-file-server/17748300 Version: 1.7 -...
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
Exploit Title: Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easy-file-uploader-php-multiple-uploader-with-file-manager/17222287 Version: 1.4 / fourth update Category:...
AMD / ARM / Intel - Speculative Execution Variant 4 Speculative Store Bypass
/ ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in section 2.4.4.5 "Memory Disambiguation": A load instruction micro-op may depe...
NewsBee CMS 1.4 - 'download.php' SQL Injection
Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version: 1.4 / fourth update Category: Webapps Tested...
Auto Car 1.2 - 'car_title' SQL Injection / Cross-Site Scripting
Exploit Title: Auto car 1.2 - 'cartitle' SQL Injection / Cross-Site Scripting Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/auto-car-car-listing-script/19221368?srank=1159 Version: 1.2 Tested on: Win 10 POC 1: SQLi: Parameter: cartitle Type:...