
47885 matches found

Exploit DB • added 2018/04/09 12:00 a.m. • 27 views

MyBB Plugin Recent Threads On Index - Cross-Site Scripting

Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/09 12:00 a.m. • 21 views

WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution

Exploit Title: Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link: https://wordpress.org/plugins/woocommerce-csvimport/ Contact: http://twitter.com/lenonleite Website...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/09 12:00 a.m. • 63 views

GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)

!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GoldWave 5.70 - Local Buffer Overflow SEH Unicode Date: 04-05-2018 Vulnerable Software: GoldWave 5.70 Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Software Link: http://goldwave.com//downloads/gwave570.exe Tested...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/09 12:00 a.m. • 40 views

WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution

Exploit Title: Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE Date: 2018-04-08 Exploit Author: Graeme Robinson Contact: @Grasec Vendor Homepage: http://simple-fields.com Software Link: https://downloads.wordpress.org/plugin/simple-fields.0.3.5.zip Version: 0.2 - 0.3.5 Tested on: Ubuntu 16.04.4 + PHP 5.3.0...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/09 12:00 a.m. • 45 views

KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection

Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/06 12:00 a.m. • 62 views

DotNetNuke DNNarticle Module 11 - Directory Traversal

Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.83322
Exploits: 5

Exploit DB • added 2018/04/06 12:00 a.m. • 62 views

Adobe Flash < 28.0.0.161 - Use-After-Free

!/usr/bin/env python coding: UTF-8 import BaseHTTPServer import sys from SimpleHTTPServer import SimpleHTTPRequestHandler print "@Syfi2k" print "+ CVE-2018-4878 poc " print "--------------------------------" print "Calc.exe Shellcode via Msfvenom" print "Based on fixed version...

CVSS: 7.8 | AI score: 8.9 | EPSS: 0.93511
Exploits: 19

Exploit DB • added 2018/04/06 12:00 a.m. • 139 views

LineageOS 14.1 Blueborne - Remote Code Execution

Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LineageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing purposes ONLY. Code in exp4.py More info in...

CVSS: 8.8 | AI score: 8.3 | EPSS: 0.42427
Exploits: 13

Exploit DB • added 2018/04/06 12:00 a.m. • 31 views

Cobub Razor 0.7.2 - Cross-Site Request Forgery

Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery Date: 2018-03-07 Exploit Author: ppb Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7746 There is a vulnerability. Authentication is not required for...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00797
Exploits: 5

Exploit DB • added 2018/04/06 12:00 a.m. • 44 views

Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition Security Vendor: ========== www.sophos.com Product: =========== Sophos...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00055
Exploits: 5

Exploit DB • added 2018/04/06 12:00 a.m. • 63 views

FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass

Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an...

CVSS: 9.8 | AI score: 9.7 | EPSS: 0.69307
Exploits: 2

Exploit DB • added 2018/04/06 12:00 a.m. • 73 views

Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt + ISR: Apparition Security Vendor: ============= www.sophos.com Product: =========== Sophos...

CVSS: 5.5 | AI score: 7 | EPSS: 0.00038
Exploits: 5

Exploit DB • added 2018/04/06 12:00 a.m. • 41 views

GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation

!/usr/bin/env python3 E-DB Note https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc E-DB Note https://sigint.sh//holeybeep This is an exploit for HoleyBeep. To use it, place any command you want root to execute in /tmp/x. $ cat /tmp/x echo PWN...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/05 12:00 a.m. • 33 views

WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting

Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE :...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.03257
Exploits: 7

Exploit DB • added 2018/04/05 12:00 a.m. • 26 views

Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods

!-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, then the length property of the object is going to be retrieved and converted ...

AI score: 7
Exploits: 0

Exploit DB • added 2018/04/05 12:00 a.m. • 46 views

WebRTC - Private IP Leakage (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Private IP Leakage to WebPage using WebRTC Function.", 'Description' = %q This module exploits a vulnerability in browsers using well-known...

CVSS: 4.3 | AI score: 7.4 | EPSS: 0.75314
Exploits: 7

Exploit DB • added 2018/04/05 12:00 a.m. • 101 views

Microsoft Windows Defender - 'mpengine.dll' Memory Corruption

Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code; given that it still processes the VMSFUPCASE filter...

CVSS: 10 | AI score: 7 | EPSS: 0.02433
Exploits: 4

Exploit DB • added 2018/04/05 12:00 a.m. • 50 views

Z-Blog 1.5.1.1740 - Full Path Disclosure

Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7737 This is a WebSite physical path...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.16126
Exploits: 5

Exploit DB • added 2018/04/05 12:00 a.m. • 42 views

GetSimple CMS 3.3.13 - Cross-Site Scripting

Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Affected Version: 3.3.13...

CVSS: 6.1 | AI score: 7 | EPSS: 0.005
Exploits: 5

Exploit DB • added 2018/04/05 12:00 a.m. • 52 views

Z-Blog 1.5.1.1740 - Cross-Site Scripting

Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is an XSS vulnerability that can attack the users. poc:...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.02474
Exploits: 5

Exploit DB • added 2018/04/05 12:00 a.m. • 51 views

Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting

Exploit Title: Joomla! Component JS Jobs 1.2.0 - Cross Site Scripting Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com/products/js-jobs.html Software Link: https://www.joomsky.com/5/download/1.html...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00271
Exploits: 5

Exploit DB • added 2018/04/05 12:00 a.m. • 43 views

YzmCMS 3.6 - Cross-Site Scripting

Exploit Title: YzmCMS 3.6 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: http://www.yzmcms.com/ Software Link: http://www.yzmcms.com/ Version: 3.6 CVE : CVE-2018-7653 This is an XSS vulnerability that can attack the users. poc:...

CVSS: 6.1 | AI score: 6.3 | EPSS: 0.01096
Exploits: 5

Exploit DB • added 2018/04/05 12:00 a.m. • 38 views

MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting

Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on: Ubuntu 17.10 1. Description: It is a plugin which add...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/04 12:00 a.m. • 40 views

ProcessMaker - Plugin Upload (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ProcessMaker Plugin Upload', 'Description' = %q This module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code a...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/03 12:00 a.m. • 40 views

Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write

/ Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize + JSRegExp::kInObjectFieldCount kPointerSize, JSRegExp::kInObjectFieldCount,...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/03 12:00 a.m. • 33 views

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1)

/ Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance-head" is on the stack. So simply by adding a single line of code that allocates "head" to the heap, we can bypass the fix. template T...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/03 12:00 a.m. • 28 views

Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion

/ Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe CollectValuesOrEntriesImpl Isolate isolate, Handle object, Handle valuesorentries, bool getentries, int nofitems, PropertyFilter filter ... fo...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/03 12:00 a.m. • 34 views

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)

/ Here's a snippet of JavascriptArray::BoxStackInstance. template T JavascriptArray::BoxStackInstanceT instance, bool deepCopy AssertThreadContext::IsOnStackinstance; // On the stack, the we reserved a pointer before the object as to store the boxed value T boxedInstanceRef = T instance - 1; T...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/02 12:00 a.m. • 57 views

VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials

VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured as Protector, Sentinel or Fortress Version = The...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/02 12:00 a.m. • 37 views

WebLog Expert Enterprise 9.4 - Privilege Escalation

Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Date: 03-31-2018 Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link: https://www.weblogexpert.com/download.htm Tested On:...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/02 12:00 a.m. • 41 views

LifeSize ClearSea 3.1.4 - Directory Traversal

''' Title: LifeSize ClearSea 3.1.4 Directory Traversal Vulnerabilities Author: rsp3ar Impact: Remote Code Execution Post-Authentication Recommendation: Use strong password for default 'admin' user and secure management access to the device. Please consult vendor for replacement/alternative...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/02 12:00 a.m. • 49 views

OpenCMS 10.5.3 - Cross-Site Scripting

Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...

CVSS: 4.6 | AI score: 4.8 | EPSS: 0.00194
Exploits: 5

Exploit DB • added 2018/04/02 12:00 a.m. • 46 views

WampServer 3.1.2 - Cross-Site Request Forgery

Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.2 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec Website: http://medium.com/@vipinxsec CVE:...

CVSS: 8.8 | AI score: 7.5 | EPSS: 0.00427
Exploits: 6

Exploit DB • added 2018/04/02 12:00 a.m. • 42 views

Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)

Exploit Title: Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE : CVE-2018-8908 Category: Webapp CMS 1...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00236
Exploits: 5

Exploit DB • added 2018/04/02 12:00 a.m. • 50 views

Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change

Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices w...

AI score: 7
Exploits: 0

Exploit DB • added 2018/04/02 12:00 a.m. • 40 views

OpenCMS 10.5.3 - Cross-Site Request Forgery

Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...

CVSS: 8.8 | AI score: 8.8 | EPSS: 0.00157
Exploits: 5

Exploit DB • added 2018/04/02 12:00 a.m. • 42 views

DLink DIR-601 - Admin Password Disclosure

Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Google Dork: N/A Date: 12/24/2017 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla Firefox CVE : CVE-2018-570...

CVSS: 8 | AI score: 7.9 | EPSS: 0.07405
Exploits: 5

Exploit DB • added 2018/04/02 12:00 a.m. • 26 views

WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery

Exploit Title: WampServer 3.1.1 XSS via CSRF Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.1 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec Website: http://medium.com/@vipinxsec CVE: CVE-2018-8732 1. Description XSS: cross...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00168
Exploits: 5

Exploit DB • added 2018/04/02 12:00 a.m. • 46 views

VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal

VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured as Protector, Sentinel or Fortress Version = The Operating...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/04/01 12:00 a.m. • 36 views

Sync Breeze Enterprise 10.4.18 - Denial of-Service (PoC)

!/usr/bin/python import socket import sys from struct import pack try: server = sys.argv1 port = 9121 size = 1000 inputBuffer = b"\x41" size header = b"\x75\x19\xba\xab" header += b"\x03\x00\x00\x00" header += b"\x00\x40\x00\x00" header += pack'I', leninputBuffer header += pack'I', leninputBuffer...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 26 views

Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow

''' Faleemi Desktop Software for Windows- DDNS/IP Local Buffer Overflow Vuln Description: Faleemi Desktop Software for Windows and its Beta version Faleemi Plus Desktop Software for WindowsBeta are vulnerable to Buffer Overflow exploit. When overly input is given to DDNS/IP parameter, it overflow...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 38 views

Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)

Tenda W3002R/A302/w309r Wireless Router V5.07.64en Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 33 views

Tenda W316R Wireless Router 5.07.50 - Remote DNS Change

Tenda W316R Wireless Router V5.07.50 Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable syste...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 49 views

WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure

Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure CheckDirectory $useruploadpath wpmkdirp $useruploadpath ;...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.1532
Exploits: 6

Exploit DB • added 2018/03/30 12:00 a.m. • 30 views

SysGauge 4.5.18 - Local Denial of Service

!/usr/bin/python Exploit Title : SysGauge v4.5.18 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software : http://www.sysgauge.com/setups/sysgaugesetupv4.5.18.exe Note :...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 30 views

Homematic CCU2 2.29.23 - Remote Command Execution

!/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7297 Description:...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 35 views

WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting

Exploit Title : Relevanssi Wordpress Search Plugin Reflected Cross Site Scripting XSS Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://www.relevanssi.com Software Link: https://wordpress.org/plugins/relevanssi Version: 4.0.4 CVE...

CVSS: 5.4 | AI score: 5.5 | EPSS: 0.00143
Exploits: 5

Exploit DB • added 2018/03/30 12:00 a.m. • 44 views

Systematic SitAware - NVG Denial of Service

Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs bottlepy: https://bottlepy.org/docs/dev/...

CVSS: 5.3 | AI score: 5.3 | EPSS: 0.20356
Exploits: 5

Exploit DB • added 2018/03/30 12:00 a.m. • 69 views

Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change

Tenda FH303/A300 Firmware V5.07.68EN Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable syste...

AI score: 7.4
Exploits: 0

Exploit DB • added 2018/03/30 12:00 a.m. • 59 views

Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection

Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected Version: 5.9.5 Category:...

CVSS: 8.8 | AI score: 7 | EPSS: 0.11988
Exploits: 5

Total number of security vulnerabilities: 47885