47904 matches found
Private Message PHP Script 2.0 - Cross-Site Scripting
Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested on: Windows Description : Private Message PHP Script...
Microsoft Internet Explorer 11 (Windows 7 x86/x64) - vbscript Code Execution
Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557 lIlIIl=Unescape"%u0001%u0880%u0001%u0000%u0000%u0000%u0000%u0000%uffff%u7fff%u0000%u0000"...
Zenar Content Management System - Cross-Site Scripting
Exploit Title: Zenar Content Management System - Cross-Site Scripting Software Link: https://zenar.io/ Dork: N/A Author: Berk Dusunur Tested Website: http://demo.zenar.io Date: 2018-05-20 Category: Web App PoC GET Request: POST /zenario/ajax.php?methodcall=refreshPlugin&inIframe=true HTTP/1.1 Hos...
Superfood 1.0 - Multiple Vulnerabilities
Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
mySCADA myPRO 7 - Hard-Coded Credentials
mySCADA myPRO 7 - Hard-Coded Credentials. CVE-2018-11311. Remote exploit for Multiple platform Exploit Title: mySCADA myPRO 7 - Hardcoded FTP Username and Password Date: 2018-05-19 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: https://www.myscada.org/mypro/ Software Link:...
D-Link DSL-3782 - Authentication Bypass
Exploit Title: D-Link DSL 3782 - Authentication Bypass Vendor Homepage: https://eu.dlink.com Version: A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-8898 Date: 20/05/2018 Description The web panel ...
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Date: 2018-05-18 Exploit Author: Sina Kheirkhah || [email protected] Software Link: https://extensions.joomla.org/extensions/extension/living/dating-a-relationships/ek-rishta/ Vendor...
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
!/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflow Date: 2018-05-19 Author: Juan Prescotto Tested Against: Win7 Pro SP1...
Prime95 29.4b8 - Stack Buffer Overflow (SEH)
Exploit Title: Prime95 Local Buffer Overflow SEH Date: 13-4-2018 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: https://www.mersenne.org/ Software Link: https://www.mersenne.org/download/download Version: 29.4b8 Tested on: Windows 10 Pro x64 SPANISH Windows 7 Ho...
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/healwire-online-pharmacy/16423338?srank=1499 Version: 3.0 Tested on: windows POC 1 : Cross site scripting :...
SAP B2B / B2C CRM 2.x < 4.x - Local File Inclusion
Title: SAP B2B / B2C CRM 2.x 4.x - Local File Inclusion Application:SAP B2B OR B2C is CRM Versions Affected: SAP B2B OR B2C is CRM 2.x 3.x and 4.x with Bakend R/3 to icssb2b Vendor URL: http://SAP.com Bugs: SAP LFI in B2B OR B2C CRM Sent: 2018-05-03 Reported: 2018-05-03 Date of Public Advisory:...
Monstra CMS < 3.0.4 - Cross-Site Scripting (2)
Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting Date: 2018-05-17 Exploit Author: Berk Dusunur Vendor Homepage: https://monstra.org Software Link: https://monstra.org Version: before 3.0.4 Tested on: Pardus / Win10 AppServer Proof Of Concept Monstra is a modern and lightweight Content...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link: http://h10145.www1.hpe.com/Downloads/SoftwareReleases.aspx?ProductNumber=JG747AAE&lang=en&cc=us&prodSeriesId=4176535 Versio...
Linux 4.8.0 < 4.8.0-46 - AF_PACKET packet_set_ring Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'AFPACKET packetsetring Privilege Escalation', 'Description' = %q This module exploits a heap-out-of-bounds write in the packetsetring function in...
DynoRoot DHCP Client - Command Injection
Exploit Title: DynoRoot DHCP - Client Command Injection Date: 2018-05-18 Exploit Author: Kevin Kirsche Exploit Repository: https://github.com/kkirsche/CVE-2018-1111 Exploit Discoverer: Felix Wilhelm Vendor Homepage: https://www.redhat.com/ Version: RHEL 6.x / 7.x and CentOS 6.x/7.x Tested on:...
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
/ Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instaed of the control flow. This may lead to incorrectly remove the bound checks. In the following code, currentBlock's block number is 4...
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Exploit Title: Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Date: 2018-05-18 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/classifieds-multipurpose-portal-infinity-market/16572285?srank=1520 Version: 1.6.2 Tested on: Kali linux Description : CSRF...
Cisco SA520W Security Appliance - Path Traversal
Title: Cisco SA520W Security Appliance - Path Traversal Author: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.cisco.com/ About Product: =============== Cisco SA 500 Series Security Appliances are designed for businesses with few...
SAP NetWeaver Web Dynpro 6.4 < 7.5 - Information Disclosure
Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure Versions Affected: SAP NetWeaver 6.4 - 7.5 Vendor URL: http://SAP.com Bugs: Information disclosure Enumerate users Sent: 2016-12-15 Reported: 2016-12-15 Date of Public Advisory: 09.02.2016 Reference: SAP Security Note 23445...
Jenkins CLI - HTTP Java Deserialization (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule Msf::Exploit::Remote Rank = ExcellentRanking STAGE1 =...
Intelbras NCLOUD 300 1.0 - Authentication bypass
coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - [email protected] Vendor Homepage: http://www.intelbras.com.br/ Software Link: http://www.intelbras.com.br/empresarial/wi-fi/para-sua-casa/roteadores/ncloud Version: 1.0 Test...
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Exploit Title: Nanopool Claymore Dual Miner = 7.3 Remote Code Execution Date: 2018/02/09 Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and later Tested on: Windows, Linux CVE : 2018-1000049 Suppose t...
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/appointment-management-system-nodaps/16197805?srank=1535 Version: 4.0 Tested on: windows...
Powerlogic/Schneider Electric IONXXXX Series - Cross-Site Request Forgery
Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Version: ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, PM5XXX series. Tested o...
Apache Struts 2 - Struts 1 Plugin Showcase OGNL Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apache Struts 2 Struts 1 Plugin Showcase OGNL Code Execution', 'Description' = %q This module exploits a remote code execution vulnerability in t...
Linux < 4.16.9 / < 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall
/ Commit 3a4d44b61625 "ntp: Move adjtimex related compat syscalls to native counterparts" removed the memset in compatgettimex. Since then, the compat adjtimex syscall can invoke doadjtimex with an uninitialized -tai. If doadjtimex doesn't write to -tai e.g. because the arguments are invalid,...
SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass
Exploit Title: SuperCom Online Shopping Ecommerce Cart 1 - Persistent Cross-Site scripting / Cross site request forgery / Authentication bypass Date: 2018-05-17 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/supercom-online-shopping-ecommerce-cart/17085987?srank=1442 Version: 1...
RSA Authentication Manager 8.2.1.4.0-build1394922 / < 8.3 P1 - XML External Entity Injection / Cross-Site Flashing / DOM Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XXE & XSS vulnerabilities product: RSA Authentication Manager vulnerable version: 8.2.1.4.0-build1394922, 8.3 P1 fixed version: 8.3 P1 and later CVE number: CVE-2018-1247...
totemomail Encryption Gateway 6.0.0 Build 371 - Cross-Site Request Forgery
Date: 14.05.2018 Introduction: ------------- The totemomail Encryption Gateway protects email communication with any external partner by encryption. It doesn't matter whether you exchange emails with technically savvy communication partners or with those who have neither an appropriate...
WhatsApp 2.18.31 - Memory Corruption
!/usr/bin/env python -- coding: utf-8 -- Exploit Author: Juan Sacco at Exploit Pack - http://www.exploitpack.com This vulnerability has been discovered and exploited using Exploit Pack - Framework Tested on: iPhone 5/6s/X iOS 10 and 11.3 Latest release of iOS at the date of writing this code...
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or later. Disclosure policy ================ dxw believes in respon...
Inteno IOPSYS 2.0 < 4.2.0 - 'p910nd' Remote Command Execution
''' Any authenticated user can modify the configuration for it in a way which allows them to read and append to any file as root. This leads to information disclosure and remote code execution. This vulnerability has been assigned the CVE ID: CVE-2018-10123. This PoC requires Python 3.6 and a...
Microsoft Windows - Token Process Trust SID Access Check Bypass Privilege Escalation
Windows: Token Trust SID Access Check Bypass EOP Platform: Windows 10 1709 also tested current build of RS4 Class: Elevation of Privilege Summary: A token’s trust SID isn’t reset when setting a token after process creation allowing a user process to bypass access checks for trust labels...
Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery
Exploit Title: Horse Market Sell & Rent Portal Script 1.5.7 - Cross-Site Request Forgery Date: 2018-05-15 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/horse-market-sell-rent-portal/14174352?srank=1725 CVE: N/A Version: 1.5.7 Tested on: Kali linux Details: Horse Market Sell &...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMart before 3.2.14. All the textareas in the admin area...
MyBB Admin Notes Plugin 1.1 - Cross-Site Request Forgery
Exploit Title: MyBB Admin Notes Plugin - CSRF Date: 2018-05-14 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1106 Version: 1.1 Tested on: Ubuntu 18.04 1. Description: The plugin allows administrators to save notes...
Rockwell Scada System 27.011 - Cross-Site Scripting
Exploit Title: Rockwell Scada System - Cross-Site Scripting Date: 2018-05-16 Exploit Author: t4rkd3vilz Vendor Homepage: https://rockwellautomation.com/ Software Link: http://compatibility.rockwellautomation.com/Pages/MultiProductDownload.aspx?famID=4 Version: 1769-L16ER-BB1B, Version 27.011 and...
Multiplayer BlackJack Online Casino Game 2.5 - Cross-Site Scripting
Exploit Title: Multiplayer BlackJack - Online Casino Game 2.5 - Persistent Cross-Site scripting Date: 2018-05-16 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/multiplayer-blackjack-online-casino-game/15411706?srank=1628 CVE: N/A Version: 2.5 Description : Multiplayer BlackJack...
Libuser - 'roothelper' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Libuser roothelper Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Red Hat based Linux systems, includi...
2345 Security Guard 3.7 - '2345NsProtect.sys' Denial of Service
Exploit Title: BSOD by IOCTL 0x8000200D in 2345NsProtect.sys of 2345 Security Guard 3.7 Date: 20180513 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 REQUIRED Tested on: Windows X64 CVE : CVE-2018-...
XATABoost 1.0.0 - SQL Injection
Exploit Title: XATABoost CMS Sql Injection Google Dork: inurl:php?id= Powered by XATABOOST Date: 02.01.2018 Exploit Author: MgThuraMoeMyint Vendor Homepage: http://www2.xataboost.com Version: 1.0.0 Tested on: Kali Linux SQL Injection Type: Union Based Example URL:...
Linux/x86 - Reverse (127.0.0.1:4444/TCP) Shell (/bin/sh) Shellcode (96 Bytes)
Linux/x86 - Reverse 127.0.0.1:4444/TCP Shell /bin/sh Shellcode 96 Bytes. Shellcode exploit for Linuxx86 platform / ; Title: Linux/x86 - TCP reverse shell ; Author: Paolo Perego ; Website: https://codiceinsicuro.it ; Blog post: https://codiceinsicuro.it/slae/assignment-2-create-a-reverse-shellcode...
Monstra CMS 3.0.4 - Remote Code Execution
Monstra CMS 3.0.4 - Remote Code Execution. CVE-2018-9037. Webapps exploit for PHP platform Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Date: 2018-05-14 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link:...
Microsoft Windows 2003 SP2 - 'RRAS' SMB Remote Code Execution
!/usr/bin/env python -- coding: utf-8 -- Tested in Windows Server 2003 SP2 ES - Only works when RRAS service is enabled. The exploited vulnerability is an arbitraty pointer deference affecting the dwVarID field of the MIBOPAQUEQUERY structure. dwVarID sent by the client is used as a pointer to an...
WUZHI CMS 4.1.0 - 'tag[pinyin]' Cross-Site Scripting
Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10311 An issue was discovered in WUZHI CMS 4.1.0...
WUZHI CMS 4.1.0 - 'form[qq_10]' Cross-Site Scripting
Exploit Title: WUZHI CMS 4.1.0 XSS Vulnerability Date: 2018-4-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10313 An issue was discovered in WUZHI CMS 4.1.0...
EMC RecoverPoint 4.3 - 'Admin CLI' Command Injection
Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint for VMs 4.3, RecoverPoint 4.4.SP1.P1 CVE: CVE-2018-11...
Open-AudIT Community 2.2.0 - Cross-Site Scripting
Exploit Title: Open-AudIT Community - 2.2.0 – Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.2.0 Category: WebApps Tested on: Win7 Professional CVE : CVE-2018-10314 1...
Open-AudIT Professional - 2.1.1 - Cross-Site Scripting
Exploit Title: Open-AudIT Professional 2.1.1 – Multiple Cross-Site Scripting Exploit Author: Tejesh Kolisetty Vendor Homepage: https://opmantek.com/ Software Link: https://opmantek.com/network-tools-download/ Affected Version: 2.1.1 Category: WebApps Tested on: Win7 Professional CVE : CVE-2018-91...
2345 Security Guard 3.7 - '2345BdPcSafe.sys' Denial of Service
Exploit Title: BSOD by IOCTL 0x002220e0 in 2345BdPcSafe.sys of 2345 Security Guard 3.7 Date: 20180509 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 REQUIRED Tested on: Windows X64 CVE : CVE-2018-...