47885 matches found
gif2apng 1.9 - '.gif' Stack Buffer Overflow
Exploit Title: gif2apng 1.9 '.gif' Stack-Buffer Overflow Date: 20 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: http://gif2apng.sourceforge.net/ Version: 1.9 Tested on: Ubuntu 16.04 CVE : gif2apng is vulnerable to a stack based buffer overflow when a malformed gif is supplied. Following i...
Monstra CMS 3.0.4 - Arbitrary Folder Deletion
Exploit Title: Monstra CMS 3.0.4 allows remote attackers to delete folder via an get request Date: 2018-03-26 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: macos 10.12.6, php 5....
Adobe Flash - Out-of-Bounds Write in blur Filtering
The attached swf file causes an out-of-bounds write in blur filtering. This PoC crashes reliably in Firefox for Linux. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44529.zip...
Microsoft Internet Explorer 11.371.16299.0 (Windows 10) - Denial Of Service
''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-Win-10-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ======= www.microsoft.com Product: ======== Internet Explorer Windows 10...
Linux/x86 - chmod 4755 /bin/dash Shellcode (33 bytes)
Linux/x86 - chmod 4755 /bin/dash Shellcode 33 bytes. Shellcode exploit for Linuxx86 platform / Title: chmod 4755 /bin/dash Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: setuid bit on /bin/dash Tested On: Ubuntu 14.04 Arch: x86 Size: 33 bytes global start section .te...
Linux/x86 - execve(/bin/sh) + ROT-13 + RShift-2 + XOR Encoded Shellcode (44 bytes)
Linux/x86 - execve/bin/sh + ROT-13 + RShift-2 + XOR Encoded Shellcode 44 bytes. Shellcode exploit for Linuxx86 platform / ; Title : Execve /bin/sh Shellcode encoded with ROT-13 + RShift-2 + XOR ; Date : April, 2018 ; Author : Nuno Freitas ; Blog Post :...
Allok Video to DVD Burner 2.6.1217 - Buffer Overflow (SEH)
Exploit Title: Buffer OverflowSEH on Allok Video to DVD Burner2.6.1217 Date: 23.04.2018 Exploit Author:T3jv1l Vendor Homepage:http://www.alloksoft.com/ Software: www.alloksoft.com/allokdvdburner.exe Category:Local Contact:https://twitter.com/T3jv1l Version: Allok Video to DVD Burner 2.6.1217 Test...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery
Exploit Title: WUZHI CMS 4.1.0 - Cross-Site Request Forgery Date: 2018-04-23 Exploit Author: jiguang [email protected] Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE: CVE-2018-10312 An issue was discovered in WUZHI CMS 4.1....
Adobe Flash - Overflow in Slab Rendering
The attached fuzzed swf file causes heap or stack corruption depending on platform when rendering a slab. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept:...
lastore-daemon D-Bus - Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'lastore-daemon D-Bus Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Deepin Linux systems by using...
Linux/x86 - Bind (1337/TCP) Shell (/bin/sh) + Null-Free Shellcode (92 bytes)
Linux/x86 - Bind 1337/TCP Shell /bin/sh + Null-Free Shellcode 92 bytes. Shellcode exploit for Linuxx86 platform / Linux x86 Bind TCP shellcode This shellcode will listen on port 1337 and give you /bin/sh Shellcode Author: Anurag Srivastava Shellcode Length: 92 Student-ID: SLAE-1219 Note...
ASUS infosvr - Authentication Bypass Command Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ASUS infosvr Auth Bypass Command Execution', 'Description' = %q This module exploits an authentication bypass vulnerability in the infosvr service...
Interspire Email Marketer < 6.1.6 - Remote Admin Authentication Bypass
''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer Software Link: Can't legally provide link but can be found on net...
Microsoft Windows - Local Privilege Escalation
include "stdafx.h" define PML4BASE 0xFFFFF6FB7DBED000 define PDPBASE 0xFFFFF6FB7DA00000 define PDBASE 0xFFFFF6FB40000000 define PTBASE 0xFFFFF68000000000 typedef LARGEINTEGER PHYSICALADDRESS, PPHYSICALADDRESS; pragma packpush,4 typedef struct CMPARTIALRESOURCEDESCRIPTOR UCHAR Type; UCHAR...
Chrome V8 JIT - 'NodeProperties::InferReceiverMaps' Type Confusion
/ https://cs.chromium.org/chromium/src/v8/src/compiler/node-properties.cc?rcl=df84e87191022bf6914f9570069908f10b303245&l=416 Here's a snippet of NodeProperties::InferReceiverMaps. case IrOpcode::kJSCreate: if IsSamereceiver, effect HeapObjectMatcher mtargetGetValueInputeffect, 0; HeapObjectMatche...
Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow (DEP Bypass)
!/usr/bin/env python --------------------------------------------------------------------------------------------------- Exploit Title : Easy File Sharing Web Server 7.2 - 'UserID' Remote Buffer Overflow DEP Bypass Date : 04/24/2018 Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author...
Linux/x86 - Edit /etc/sudoers (ALL ALL=(ALL) NOPASSWD: ALL) For Full Access + Null-Free Shellcode (79 bytes)
Linux/x86 - Edit /etc/sudoers ALL ALL=ALL NOPASSWD: ALL For Full Access + Null-Free Shellcode 79 bytes. Shellcode exploit for Linuxx86 platform / Title: Edit /etc/sudoers with NOPASSWD for ALL Date: 2018-04-19 Author: absolomb Website: https://www.sploitspren.com SLAE-ID: 1208 Purpose: edit...
Adobe Flash - Overflow when Playing Sound
The attached fuzzed swf file causes heap overflow when playing a sound. This PoC crashes a little bit unreliably, it is the most reliable in the standalone Flash player and Microsoft Edge. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44526.zip...
Ericsson-LG iPECS NMS A.1Ac - Cleartext Credential Disclosure
-- coding: utf-8 -- Exploit Title: Ericsson-LG iPECS NMS - Cleartext Cred. Dump Vendor Notification: 03-03-2018 - No response Initial CVE: 04-04-2018 Disclosure: 21-04-2018 Exploit Author: Berk Cem Göksel Contact: twitter.com/berkcgoksel || bgoksel.com Vendor Homepage: http://www.ipecs.com/...
Adobe Flash - Info Leak in Image Inflation
The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and visit: http://127.0.0.1?img=inflate.png. Proof of Concept:...
Open-AudIT 2.1 - CSV Macro Injection
Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link: https://www.open-audit.org/downloads.php Affected Version: 2.1...
VLC Media Player/Kodi/PopcornTime 'Red Chimera' < 2.2.5 - Memory Corruption (PoC)
""" VLC Media Player/Kodi/PopcornTime 'Red Chimera' 2.2.5 Memory Corruption PoC Author: SivertPL [email protected] CVE: CVE-2017-8311 Infamous VLC/Kodi/PopcornTime subtitle attack in libsubtitleplugin.dll. This is the Proof of Concept of the reverse engineered heap corruption vulnerability...
Linux/x86 - Reverse (127.1.1.1:5555/TCP) Shell Shellcode (73 Bytes)
Linux/x86 - Reverse 127.1.1.1:5555/TCP Shell Shellcode 73 Bytes. Shellcode exploit for Linuxx86 platform / Linux x86 Reverse TCP shellcode 127.1.1.1/5555 Shellcode Author: Anurag Srivastava Shellcode Length: 73 Student-ID: SLAE-1219 Note...
WSO2 Carbon / WSO2 Dashboard Server 5.3.0 - Persistent Cross-Site Scripting
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Stored XSS Vulnerabilities product: WSO2 Carbon, WSO2 Dashboard Server vulnerable version: WSO2 Identity Server 5.3.0 fixed version: WSO2 Identity Server 5.5.0 C...
UK Cookie Consent - Persistent Cross-Site Scripting
Exploit Title: UK Cookie Consent v2.3.9 - Persistent Cross-Site Scripting Date: 2018-04-22 Exploit Author: B0UG Vendor Homepage: https://catapultthemes.com/ Software Link: https://en-gb.wordpress.org/plugins/uk-cookie-consent/description Version: Tested on version 2.3.9 older versions may also be...
phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
Exploit Title: phpMyAdmin 4.8.0 Drop database 3. Solution: Upgrade to phpMyAdmin 4.8.0-1 or newer. 4. Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188...
PRTG Network Monitor < 18.1.39.1648 - Stack Overflow (Denial of Service)
Exploit Title: PRTG 18.1.39.1648 - Stack Overflow Date: 2018-04-21 Exploit Author: Lucas "luriel" Carmo Vendor Homepage: https://www.paessler.com/prtg Software Link: https://www.paessler.com/download/prtg-download Version: 18.1.39.1648 CVE : CVE-2018-10253 Post Reference:...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Title: Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor Contact:...
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
!/usr/bin/env python ''' @author: r4wd3r @license: MIT License @contact: [email protected] ''' import argparse import re import sys import requests parser = argparse.ArgumentParser description='Exploits the Apache CouchDB JSON Remote Privilege Escalation Vulnerability' + ' CVE-2017-12635'...
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char readstring = "ToolsAutoInstallGetParams"; typedef struct DnDCPMsgHdrV4 char...
Monstra cms 3.0.4 - Persitent Cross-Site Scripting
Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6, apache2.2.29, macos 10.12.6 CVE...
Free Download Manager 2.0 Built 417 - Local Buffer Overflow (SEH)
Exploit Title: Free Download Manager 2.0 Built 417 - Local Buffer Overflow SEH Date: 2018-04-23 Exploit Author: Marwan Shamel Software Link: https://filehippo.com/downloadfreedownloadmanager/925/ Version: v2.0 Built 417 Tested on: Windows 7 Enterprise SP1 32 bit Special thanks to my wife Steps :...
Ncomputing vSpace Pro 10/11 - Directory Traversal
Exploit Title: Ncomputing vSpace Pro v10 and v11 - Directory Traversal Vulnerability Date: 2018-04-20 Software Vendor: NComputing Software Link: Author: Javier Bernardo Contact: [email protected] Website: http://www.kwell.net CVE: CVE-2018-10201 Category: Webapps Description It is possible to read...
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
-- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational or information purposes. Credit: Thanks by Liao Xinxi of NSFOCUS Security Team Reference:...
Cobub Razor 0.8.0 - Physical Path Leakage
Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL: http://localhost/export.php HTTP Method: GET URL:...
Kodi 17.6 - Persistent Cross-Site Scripting
============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831 ============================================= I. VULNERABILITY...
Match Clone Script 1.0.4 - Cross-Site Scripting
Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho Version: 1.0.4 Tested on: Window 10 / Kali Linux CV...
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL injection and Cross site script vulnerabilities are found on ALL parameter ...
RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow
Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Version: Ubuntu: 2.40.13 Defaul...
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow
Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Date: 03/24/2018 Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 CVE: CVE-2018-9059 Tested on: Windows XP...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com Software Link:...
Rvsitebuilder CMS - Database Backup Download
Exploit Title: Rvsitebuilder CMS Database Backup Download Exploit Author: Hesam Bazvand Contact: [email protected] Software Link: http://www.rvsitebuilder.com Version: All Version Tested on: Windows 7 / Kali Linux Category: WebApps Dork : inurl:rvsindex.php & /rvsindex.php?/user/login Explo...
VX Search 10.6.18 - 'directory' Local Buffer Overflow
!/usr/bin/python Title: VX Search 10.6.18 Local Buffer Overflow Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.vxsearch.com Version: 10.6.18 Date: 18/04/2018 Tested on: Windows 7 32-bit Vendor did not respond to advisory. Copy the...
PDFunite 0.41.0 - '.pdf' Local Buffer Overflow
Exploit Title: PDFunite Malformed pdf buffer overflow Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/artful/+package/poppler-utils Software Link: https://launchpad.net/ubuntu/+source/poppler/0.57.0-2ubuntu4.2 Version: 0.41.0 Tested on: Ubuntu CVE :...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage: http://www.itwatchdogs.com/ Version: 3.2.2 Software Link:...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Exploit Title:Brave Browser...
Reaper 5.78 - Local Buffer Overflow
Exploit Title: Reaper 5.78 - Local Buffer Overflow Exploit Author: bzyo CVE: CVE-2018-9131 Date: 2018-03-30 Vulnerable Software: Reaper 5.78 Vendor Homepage: https://www.reaper.fm/ Version: 5.78 Software Link: https://www.reaper.fm/download.php Tested On: Windows 7 x86 lots of bad chars, use...
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Date: 14.04.2018 Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678 Category: Hardware Wi-fi Router Hardware Version: T1 Firmware...