47885 matches found
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Google Dork: N/A Date: 14-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before...
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Exploit Title: Brave Browser Brave Window Object Remote Denial of Service. Brave Window Object Remote Denial of Service Proof of Concept Click the below link to Trigger the Vulnerability. Brave Window Object DoS Test POC...
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
Exploit Title: Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow Date: 2018-04-14 Exploit Author: jollymongrel Vendor Homepage: http://www.vector.co.jp Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.2 Tested on: Windows 7 32-bit CVE : CVE-2013-5019 import sy...
Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure
/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation 0x0 and MemoryPrivilegedBasicInformation 0x8 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10...
SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title : SysGauge Pro v4.6.12 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software : http://www.sysgauge.com/setups/sysgaugeprosetupv4.6.12.exe...
Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure
/ We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 t...
Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure
/ We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose uninitialized kernel pool memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The output structu...
Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that we have observed to trigger the leak in our test...
Barco ClickShare CSE-200 - Remote Denial of Service
!/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT com CVE: requested by Barco Category: Hardware...
Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 10 32/64-bit; other versions were not tested. The paths that we have observed to...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Exploit Title: Sophos Cyberoam UTM - Privilege Escalation Date: 31/08/2016 Exploit Author: Chintan Gurjar Frogy Vendor Homepage: http://www.sophos.com/ Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html Version: Cyberoam CR25iNG - 10.6.3 MR-5 CVE : CVE-2016-7786 Category :...
Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure
/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation 0x6 information class discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 8 to 10. The layout of the corresponding output...
CloudMe Sync 1.11.0 - Local Buffer Overflow
Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0 Date: 08.03.2018 Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1110.exe Category: Local Exploit Discovery: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Version: 1.11.0...
Microsoft Edge - 'OpenProcess()' ACG Bypass
Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02 MicrosoftEdgeCP!StartContentProcessExe+0x164 03...
Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that we have observed to trigger the leak in our te...
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH)
!/usr/bin/python Title: Zortam Mp3 Media Studio Local Buffer Overflow SEH Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.zortam.com/ Version: 23.45 Tested on: Windows 7 32 bit Date: 12/04/2018 Vendor did not respond to advisory Fil...
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure
/ We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName 0x1B information class discloses uninitialized kernel memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. According to the ZwQueryInformationProcess...
Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix
Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU ...
Cobub Razor 0.8.0 - SQL injection
Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8057 The string of the 'channelname'...
AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution
http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege: SYSTEM Type: Arbitrary File Execution Notes: Second minor bug allow...
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Title: MikroTik 6.41.4 Denial of service FTP daemon crash CVE: CVE-2018-10070 CWE: CWE-400 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Version : 6.41.4 Released 2018-Apr-05 | All Version Date: 13-05-2018 Category: Network Appliance Description: A vulnerabilit...
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
!/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def httprequesturl, type="get", payload="", cookie="" puts verbose"HTTP -...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
!/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print ' https://github.com/a2u/CVE-2018-7600' print '' print 'Provided only for educational or informatio...
Microsoft Credential Security Support Provider - Remote Code Execution
credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy project https://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal Karni, Preempt [email protected] Build Instructions Linux If you are usin...
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/ Affected Version...
Linux/x64 - x64 Assembly Shellcode (Generator)
Linux/x64 - x64 Assembly Shellcode Generator. Shellcode exploit for Generator platform !/usr/bin/env python Features: - Linux shellcode x64 assembly code generation - stack based smaller payload size - execve based - supports long commands meaning bigger than an x64 register - 64 bits - supports...
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS Date: 31/03/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.2 Tested on: CentOS 6.5 CVE : CVE-2018-9172 Category :...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE : CVE-2018-9927 An issue was discovered in WUZHI CMS...
DVD X Player Standard 5.5.3.9 - Buffer Overflow
Exploit Title: Buffer Overflow on DVD X Player Standard 5.5.3.9 Date: 29.03.2018 Vendor Homepage: http://www.dvd-x-player.com Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup-Standard.exe Category: Local SEH Based Exploit Credit: Prasenjit Kanti Paul Web:...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Date: 06/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.3 Tested on: Windows 7 / Cent OS 6.5 CVE : CVE-2018-984...
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vendor Homepage: https://store.Dell EMC.com/en-us/AVAMAR-PRODUCTS/Dell-DELL...
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
Exploit Title: iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/easycreate/demo/ Version: 3.2.1 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9236 CVE:...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add admin account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE : CVE-2018-9926 An issue was discovered in WUZHI CMS...
Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion
/ I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKindNode node ... if objectmaps.containsZoneHandleSetsourcemap objectmaps.removesourcemap, zone;...
WordPress Plugin Activity Log 2.4.0 - Stored Cross-Site Scripting
Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE : CVE-2018-8729 Category : webapps Description...
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000...
WordPress Plugin Google Drive 2.2 - Remote Code Execution
Exploit Title: Plugin Google Drive for WordPress 2.2 – RCE – Unlik Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-google-drive/ Software Link: https://wordpress.org/plugins/wp-google-drive/ Contact: http://twitter.com/lenonleite Website:...
WebKit - WebAssembly Parsing Does not Correctly Check Section Order
When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check validateOrder does not adequately check that sections are in the correct order...
WolfCMS 0.8.3.1 - Open Redirection
Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: https://bitbucket.org/wolfcms/wolf-cms-downloads/downloads/wolfcms-0.8.3.1.z...
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category: WebApps Tested on: Win7 Enterprise x86/Kali...
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
Exploit Title: WP Background Takeover, Directory Traversal = 4.1.4 Google Dork: inurl:/plugins/wpsite-background-takeover Date: 2018-03-08 Exploit Author: Colette Chamberland, Defiant, Inc. Vendor Homepage: https://99robots.com Software Link:...
CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the client. Details ======= Product: CyberArk Password...
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9235 1. Description...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version: 0.4.7 CVE: CVE-2018-9238 Tested on: Windows 10 / Kali...
PMS 0.42 - Local Stack-Based Overflow (ROP)
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user supplied input while reading the configuration file and parsing the malicious...
H2 Database - 'Alias' Arbitrary Code Execution
''' Exploit Title: H2 Database Alias Abuse Date: 05/04/2018 Exploit Author: gambler Vendor Homepage: www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux, Mac OS ''' import sys import argparse import html import requests Blogpost abo...
Cobub Razor 0.7.2 - Add New Superuser Account
Exploit Title: Cobub Razor 0.7.2 Add New Superuser User Date: 2018-03-07 Exploit Author: ppb([email protected]) Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7745 There is a vulnerability that can add an administrator use...