47904 matches found
Monstra cms 3.0.4 - Persitent Cross-Site Scripting
Exploit Title: Monstra cms 3.0.4 - Persitent Cross-Site Scripting Date: 2018-04-14 Exploit Author: Wenming Jiang Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: php 5.6, apache2.2.29, macos 10.12.6 CVE...
Drupal avatar_uploader v7.x-1.0-beta8 - Arbitrary File Disclosure
Title: Drupal avataruploader v7.x-1.0-beta8 - Arbitrary File Disclosure Author: Larry W. Cashdollar Date: 2018-03-30 CVE-ID: CVE-2018-9205 Download Site: https://www.drupal.org/project/avataruploader Vendor: https://www.drupal.org/u/robbinzhao Vendor Notified: 2018-04-02 Vendor Contact:...
Oracle Weblogic Server 10.3.6.0 / 12.1.3.0 / 12.2.1.2 / 12.2.1.3 - Deserialization Remote Command Execution
-- coding: utf-8 -- Oracle Weblogic Server 10.3.6.0, 12.1.3.0, 12.2.1.2, 12.2.1.3 Deserialization Remote Command Execution Vulnerability CVE-2018-2628 IMPORTANT: Is provided only for educational or information purposes. Credit: Thanks by Liao Xinxi of NSFOCUS Security Team Reference:...
Cobub Razor 0.8.0 - Physical Path Leakage
Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL: http://localhost/export.php HTTP Method: GET URL:...
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
Exploit Title: MySQL Squid Access Report 2.1.4 Multiple Vulnerabilities Date: 14-13-2018 Software Link: https://sourceforge.net/projects/mysar/ Exploit Author: Keerati T. Version: 2.1.4 Tested on: Linux 1. Description SQL injection and Cross site script vulnerabilities are found on ALL parameter ...
PDFunite 0.41.0 - '.pdf' Local Buffer Overflow
Exploit Title: PDFunite Malformed pdf buffer overflow Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/artful/+package/poppler-utils Software Link: https://launchpad.net/ubuntu/+source/poppler/0.57.0-2ubuntu4.2 Version: 0.41.0 Tested on: Ubuntu CVE :...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link: https://wordpress.org/plugins/caldera-forms/ Vulnerable App:...
Match Clone Script 1.0.4 - Cross-Site Scripting
Exploit Title: Match Clone Script 1.0.4 - Cross-Site Scripting Date: 23.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/match-clone/ Category: Web Application Exploit Author: ManhNho Version: 1.0.4 Tested on: Window 10 / Kali Linux CV...
Easy File Sharing Web Server 7.2 - Stack Buffer Overflow
Exploit Title: Easy File Sharing Web Server 7.2 stack buffer overflow Date: 03/24/2018 Exploit Author: rebeyond - http://www.rebeyond.net Vendor Homepage: http://www.sharing-file.com/ Software Link: http://www.sharing-file.com/efssetup.exe Version: 7.2 CVE: CVE-2018-9059 Tested on: Windows XP...
Rvsitebuilder CMS - Database Backup Download
Exploit Title: Rvsitebuilder CMS Database Backup Download Exploit Author: Hesam Bazvand Contact: [email protected] Software Link: http://www.rvsitebuilder.com Version: All Version Tested on: Windows 7 / Kali Linux Category: WebApps Dork : inurl:rvsindex.php & /rvsindex.php?/user/login Explo...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage: http://www.itwatchdogs.com/ Version: 3.2.2 Software Link:...
VX Search 10.6.18 - 'directory' Local Buffer Overflow
!/usr/bin/python Title: VX Search 10.6.18 Local Buffer Overflow Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.vxsearch.com Version: 10.6.18 Date: 18/04/2018 Tested on: Windows 7 32-bit Vendor did not respond to advisory. Copy the...
RSVG 2.40.13 / 2.42.2 - '.svg' Buffer Overflow
Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Version: Ubuntu: 2.40.13 Defaul...
Lutron Quantum 2.0 - 3.2.243 - Information Disclosure
''' Exploit Title: Login bypass and data leak - Lutron Quantum 2.0 - 3.2.243 firmware Date: 20-03-2018 Exploit Author: David Castro Contact: https://twitter.com/SadFud75 Vendor Homepage: http://www.lutron.com Software Link:...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Request Forgery
Exploit Title: Joomla! Component Js Jobs - Multiple Cross Site Request Forgery Vulnerabilities Google Dork: N/A Date: 17-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com Software Link:...
Kodi 17.6 - Persistent Cross-Site Scripting
============================================= MGC ALERT 2018-003 - Original release date: March 19, 2018 - Last revised: April 16, 2018 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 CVSS Base Score - CVE-ID: CVE-2018-8831 ============================================= I. VULNERABILITY...
Brave Browser < 0.13.0 - 'window.close(self)' Denial of Service
Exploit Title:Brave Browser Brave Window Object Remote Denial of Service. Brave Window Object Remote Denial of Service Proof of Concept Click the below link to Trigger the Vulnerability.. Brave Window Object DoS Test POC...
Brave Browser < 0.13.0 - 'long alert() argument' Denial of Service
Exploit Title:Brave Browser...
Reaper 5.78 - Local Buffer Overflow
Exploit Title: Reaper 5.78 - Local Buffer Overflow Exploit Author: bzyo CVE: CVE-2018-9131 Date: 2018-03-30 Vulnerable Software: Reaper 5.78 Vendor Homepage: https://www.reaper.fm/ Version: 5.78 Software Link: https://www.reaper.fm/download.php Tested On: Windows 7 x86 lots of bad chars, use...
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Google Dork: N/A Date: 14-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...
Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow (PoC)
Exploit Title: Ultra MiniHTTPd 1.2 - 'GET' Remote Stack Buffer Overflow Date: 2018-04-14 Exploit Author: jollymongrel Vendor Homepage: http://www.vector.co.jp Software Link: http://www.vector.co.jp/soft/winnt/net/se275154.html Version: 1.2 Tested on: Windows 7 32-bit CVE : CVE-2013-5019 import sy...
D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting
Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross Site Scripting XSS Date: 14.04.2018 Exploit Author: Sayan Chatterjee Vendor Homepage: http://www.dlink.co.in Hardware Link: http://www.dlink.co.in/products/?pid=678 Category: Hardware Wi-fi Router Hardware Version: T1 Firmware...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Drupalgeddon2', 'Description' = %q CVE-2018-7600 / SA-CORE-2018-002 Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before...
Microsoft Windows - 'nt!NtQueryVolumeInformationFile' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryVolumeInformationFile system call invoked against certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 10 32/64-bit; other versions were not tested. The paths that we have observed to...
Microsoft Windows - 'nt!NtQueryFullAttributesFile' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryFullAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that we have observed to trigger the leak in our te...
Microsoft Windows - 'nt!NtQueryAttributesFile' Kernel Stack Memory Disclosure
/ We have discovered that the nt!NtQueryAttributesFile system call invoked with paths of certain kernel objects discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The paths that we have observed to trigger the leak in our test...
Barco ClickShare CSE-200 - Remote Denial of Service
!/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT com CVE: requested by Barco Category: Hardware...
SysGauge Pro 4.6.12 - Local Buffer Overflow (SEH)
!/usr/bin/python Exploit Title : SysGauge Pro v4.6.12 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software : http://www.sysgauge.com/setups/sysgaugeprosetupv4.6.12.exe...
Microsoft Windows - 'nt!NtQuerySystemInformation (SystemPageFileInformation(Ex))' Kernel 64-bit Stack Memory Disclosure
/ We have discovered that the nt!NtQuerySystemInformation system call invoked with the SystemPageFileInformation 0x12 and SystemPageFileInformationEx 0x90 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 t...
Microsoft Windows - 'nt!NtQueryVirtualMemory (Memory(Privileged)BasicInformation)' Kernel 64-bit Stack Memory Disclosure
/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryBasicInformation 0x0 and MemoryPrivilegedBasicInformation 0x8 information classes discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10...
CloudMe Sync 1.11.0 - Local Buffer Overflow
Exploit Title: Local Buffer Overflow on CloudMe Sync v1.11.0 Date: 08.03.2018 Vendor Homepage: https://www.cloudme.com/en Software Link: https://www.cloudme.com/downloads/CloudMe1110.exe Category: Local Exploit Discovery: Prasenjit Kanti Paul Web: http://hack2rule.wordpress.com/ Version: 1.11.0...
Zortam MP3 Media Studio 23.45 - Local Buffer Overflow (SEH)
!/usr/bin/python Title: Zortam Mp3 Media Studio Local Buffer Overflow SEH Author: Kevin McGuigan Twitter: @h3xagram Author Website: https://www.7elements.co.uk Vendor Website: http://www.zortam.com/ Version: 23.45 Tested on: Windows 7 32 bit Date: 12/04/2018 Vendor did not respond to advisory Fil...
Microsoft Windows - 'CiSetFileCache' TOCTOU Incomplete Fix
Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached signing level to an unsigned file by exploiting a TOCTOU ...
Sophos Cyberoam UTM CR25iNG - 10.6.3 MR-5 - Direct Object Reference
Exploit Title: Sophos Cyberoam UTM - Privilege Escalation Date: 31/08/2016 Exploit Author: Chintan Gurjar Frogy Vendor Homepage: http://www.sophos.com/ Software Link: https://www.cyberoam.com/downloads/datasheet/CR25iNG.html Version: Cyberoam CR25iNG - 10.6.3 MR-5 CVE : CVE-2016-7786 Category :...
Microsoft Windows - 'nt!NtQueryVirtualMemory (MemoryImageInformation)' Kernel 64-bit Stack Memory Disclosure
/ We have discovered that the nt!NtQueryVirtualMemory system call invoked with the MemoryImageInformation 0x6 information class discloses uninitialized kernel stack memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 8 to 10. The layout of the corresponding output...
Microsoft Windows - 'nt!NtQueryInformationProcess (ProcessImageFileName)' Kernel 64-bit Pool/Stack Memory Disclosure
/ We have discovered that the nt!NtQueryInformationProcess system call invoked with the ProcessImageFileName 0x1B information class discloses uninitialized kernel memory to user-mode clients. The vulnerability affects 64-bit versions of Windows 7 to 10. According to the ZwQueryInformationProcess...
Microsoft Edge - 'OpenProcess()' ACG Bypass
Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02 MicrosoftEdgeCP!StartContentProcessExe+0x164 03...
Cobub Razor 0.8.0 - SQL injection
Exploit Title: Cobub Razor 0.8.0 SQL injection Vulnerability Date: 2018-04-16 Exploit Author: Kyhvedn([email protected]、[email protected]) Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8057 The string of the 'channelname'...
Microsoft Windows - 'nt!NtQueryInformationTransactionManager (TransactionManagerRecoveryInformation)' Kernel Pool Memory Disclosure
/ We have discovered that the nt!NtQueryInformationTransactionManager system call invoked with the TransactionManagerRecoveryInformation 4 information class may disclose uninitialized kernel pool memory to user-mode clients. The vulnerability affects Windows 7 to 10, 32/64-bit. The output structu...
AMD Plays.tv 1.27.5.0 - 'plays_service.exe' Arbitrary File Execution
http://support.amd.com/en-us/download?cmpid=CCCOffline - Click "Automatically Detect - Download Now" Installation Automatically Installs "Raptr, Inc Plays TV Service" OR https://plays.tv/download Target OS: Windows Any Privilege: SYSTEM Type: Arbitrary File Execution Notes: Second minor bug allow...
Microsoft Credential Security Support Provider - Remote Code Execution
credssp This is a poc code for exploiting CVE-2018-0886. It should be used for educational purposes only. It relies on a fork of the rdpy projecthttps://github.com/preempt/rdpy, allowing also credssp relay. Written by Eyal Karni, Preempt [email protected] Build Instructions Linux If you are usin...
MikroTik 6.41.4 - FTP daemon Denial of Service (PoC)
Title: MikroTik 6.41.4 Denial of service FTP daemon crash CVE: CVE-2018-10070 CWE: CWE-400 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://mikrotik.com/ Version : 6.41.4 Released 2018-Apr-05 | All Version Date: 13-05-2018 Category: Network Appliance Description: A vulnerabilit...
Drupal < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution (PoC)
!/usr/bin/env import sys import requests print '' print ' Proof-Of-Concept for CVE-2018-7600' print ' by Vitalii Rudnykh' print ' Thanks by AlbinoDrought, RicterZ, FindYanot, CostelSalanders' print ' https://github.com/a2u/CVE-2018-7600' print '' print 'Provided only for educational or informatio...
Drupal < 7.58 / < 8.3.9 / < 8.4.6 / < 8.5.1 - 'Drupalgeddon2' Remote Code Execution
!/usr/bin/env ruby CVE-2018-7600 Drupal &1' ; " bashcmd = "echo " + Base64.strictencode64bashcmd + " | base64 -d" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Function httprequest type data def httprequesturl, type="get", payload="", cookie="" puts verbose"HTTP -...
Joomla! Convert Forms version 2.0.3 - Formula Injection (CSV Injection)
Exploit Title: Joomla Extension Convert Forms version 2.0.3 is vulnerable to Formula Injection CSV Injection Google Dork: N/A Date: 12-04-2018 Exploit Author: Jetty Sairam Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/convert-forms/ Affected Version...
Linux/x64 - x64 Assembly Shellcode (Generator)
Linux/x64 - x64 Assembly Shellcode Generator. Shellcode exploit for Generator platform !/usr/bin/env python Features: - Linux shellcode x64 assembly code generation - stack based smaller payload size - execve based - supports long commands meaning bigger than an x64 register - 64 bits - supports...
Google Chrome V8 JIT - 'LoadElimination::ReduceTransitionElementsKind' Type Confusion
/ I think this commit has introduced the bug: https://chromium.googlesource.com/v8/v8.git/+/9884bc5dee488bf206655f07b8a487afef4ded9b Reduction LoadElimination::ReduceTransitionElementsKindNode node ... if objectmaps.containsZoneHandleSetsourcemap objectmaps.removesourcemap, zone;...
WordPress Plugin File Upload 4.3.2 - Stored Cross-Site Scripting
Exploit Title: WordPress Plugin WordPress File Upload 4.3.2 - Stored XSS Date: 31/03/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.2 Tested on: CentOS 6.5 CVE : CVE-2018-9172 Category :...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add Admin)
Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add admin account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE : CVE-2018-9926 An issue was discovered in WUZHI CMS...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Date: 06/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.3 Tested on: Windows 7 / Cent OS 6.5 CVE : CVE-2018-984...