47904 matches found
iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting
Exploit Title: iScripts Easycreate 3.2.1 - Stored Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/easycreate/demo/ Version: 3.2.1 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9236 CVE:...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE : CVE-2018-9927 An issue was discovered in WUZHI CMS...
Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager - Invalid Access Control
Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vendor Homepage: https://store.Dell EMC.com/en-us/AVAMAR-PRODUCTS/Dell-DELL...
DVD X Player Standard 5.5.3.9 - Buffer Overflow
Exploit Title: Buffer Overflow on DVD X Player Standard 5.5.3.9 Date: 29.03.2018 Vendor Homepage: http://www.dvd-x-player.com Software Link: http://www.dvd-x-player.com/download/DVDXPlayerSetup- Standard.exe Category: Local SEH Based Exploit Credit: Prasenjit Kanti Paul Web:...
WordPress Plugin File Upload 4.3.3 - Stored Cross-Site Scripting (PoC)
Exploit Title: WordPress Plugin WordPress File Upload 4.3.3 - Stored XSS Date: 06/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iptanus.com/ Software Link: https://downloads.wordpress.org/plugin/wp-file-upload.zip Version: 4.3.3 Tested on: Windows 7 / Cent OS 6.5 CVE : CVE-2018-984...
GoldWave 5.70 - Local Buffer Overflow (SEH Unicode)
!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: GoldWave 5.70 - Local Buffer Overflow SEH Unicode Date: 04-05-2018 Vulnerable Software: GoldWave 5.70 Vendor Homepage: https://www.goldwave.com/ Version: 5.70 Software Link: http://goldwave.com//downloads/gwave570.exe Tested...
H2 Database - 'Alias' Arbitrary Code Execution
''' Exploit Title: H2 Database Alias Abuse Date: 05/04/2018 Exploit Author: gambler Vendor Homepage:www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux, Mac OS ''' import sys import argparse import html import requests Blogpost abo...
WordPress Plugin Simple Fields 0.2 - 0.3.5 - Local/Remote File Inclusion / Remote Code Execution
Exploit Title: Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE Date: 2018-04-08 Exploit Author: Graeme Robinson Contact: @Grasec Vendor Homepage: http://simple-fields.com Software Link: https://downloads.wordpress.org/plugin/simple-fields.0.3.5.zip Version: 0.2 - 0.3.5 Tested on: Ubuntu 16.04.4 + PHP 5.3.0...
Yahei PHP Prober 0.4.7 - Cross-Site Scripting
Exploit title: Yahei-PHP Proberv0.4.7 - Cross-Site Scripting Google Dork: intitle:"Proberv0." | inurl:/proberv.php Date: 23/03/2018 Exploit Author: ManhNho Vendor Homepage: http://www.yahei.net/ Software Link: www.yahei.net/tz/tze.zip Version: 0.4.7 CVE: CVE-2018-9238 Tested on: Windows 10 / Kali...
MyBB Plugin Recent Threads On Index - Cross-Site Scripting
Exploit Title: MyBB Recent threads Date: 4th April 2018 Exploit Author: Perileos Software Link: https://community.mybb.com/mods.php?action=view&pid=191 Version: 17.0 Tested on: Windows 10 1. Description: This plugin shows recent threads in the side bar on your MyBB forum. 2. Proof of concept:...
WooCommerce CSV-Importer-Plugin 3.3.6 - Remote Code Execution
Exploit Title: Plugin Woocommerce CSV importer 3.3.6 – RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/woocommerce-csvimport/ Software Link: https://wordpress.org/plugins/woocommerce-csvimport/ Contact: http://twitter.com/lenonleite Website...
WordPress Plugin Google Drive 2.2 - Remote Code Execution
Exploit Title: Plugin Google Drive for WordPress 2.2 – RCE – Unlik Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/wp-google-drive/ Software Link: https://wordpress.org/plugins/wp-google-drive/ Contact: http://twitter.com/lenonleite Website:...
Buddypress Xprofile Custom Fields Type 2.6.3 - Remote Code Execution
Exploit Title: Plugin Buddypress Xprofile Custom Fields Type 2.6.3 RCE – Unlink Date: 08/04/2018 Exploit Author: Lenon Leite Vendor Homepage: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/ Software Link: https://wordpress.org/plugins/buddypress-xprofile-custom-fields-type/...
iScripts SonicBB 1.0 - Reflected Cross-Site Scripting (PoC)
Exploit Title: iScripts SonicBB 1.0 - Reflected Cross-Site Scripting Date: 02/04/2018 Exploit Author: ManhNho Vendor Homepage: https://www.iscripts.com Demo Page: https://www.demo.iscripts.com/sonicbb/demo/ Version: 1.0 Tested on: Windows 10 Category: Webapps CVE: CVE-2018-9235 1. Description...
CyberArk Password Vault Web Access < 9.9.5 / < 9.10 / 10.1 - Remote Code Execution
Advisory: CyberArk Password Vault Web Access Remote Code Execution The CyberArk Password Vault Web Access application uses authentication tokens which consist of serialized .NET objects. By crafting manipulated tokens, attackers are able to gain unauthenticated remote code execution on the web...
CyberArk Password Vault < 9.7 / < 10 - Memory Disclosure
Advisory: CyberArk Password Vault Memory Disclosure Data in the CyberArk Password Vault may be accessed through a proprietary network protocol. While answering to a client's logon request, the vault discloses around 50 bytes of its memory to the client. Details ======= Product: CyberArk Password...
WebKit - WebAssembly Parsing Does not Correctly Check Section Order
When a WebAssembly binary is parsed in ModuleParser::parse, it is expected to contain certain sections in a certain order, but can also contain custom sections that can appear anywhere in the binary. The ordering check validateOrder does not adequately check that sections are in the correct order...
KYOCERA Multi-Set Template Editor 3.4 - Out-Of-Band XML External Entity Injection
Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000...
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and uncomplicated control to handle a fleet for up to 10,000...
PMS 0.42 - Local Stack-Based Overflow (ROP)
Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an unproper filter of user supplied input while reading the configuration file and parsing the malicious...
Cobub Razor 0.7.2 - Add New Superuser Account
Exploit Title: Cobub Razor 0.7.2 Add New Superuser User Date: 2018-03-07 Exploit Author: ppb([email protected]) Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7745 There is a vulnerability that can add an admnistrator use...
WolfCMS 0.8.3.1 - Open Redirection
Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: https://bitbucket.org/wolfcms/wolf-cms-downloads/downloads/wolfcms-0.8.3.1.z...
WolfCMS 0.8.3.1 - Cross-Site Request Forgery
Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category: WebApps Tested on: Win7 Enterprise x86/Kali...
WordPress Plugin Background Takeover < 4.1.4 - Directory Traversal
Exploit Title: WP Background Takeover, Directory Traversal = 4.1.4 Google Dork: inurl:/plugins/wpsite-background-takeover Date: 2018-03-08 Exploit Author: Colette Chamberland, Defiant, Inc. Vendor Homepage: https://99robots.com Software Link:...
LineageOS 14.1 Blueborne - Remote Code Execution
Exploit Title: LineageOS 14.1 Android 7.1.2 Blueborne RCE CVE-2017-0781 Date: 04/01/2018 Exploit Author: Marcin Kozlowski Tested on: LinageOS 14.1 Android 7.1.2 without BlueBorne Patch CVE : CVE-2017-0781 Provided for legal security research and testing purposes ONLY. Code in exp4.py More info in...
GNU Beep 1.3 - 'HoleyBeep' Local Privilege Escalation
!/usr/bin/env python3 E-DB Note https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc E-DB Note https://sigint.sh//holeybeep This is an exploit for HoleyBeep. To use it, place any command you want root to execute in /tmp/x. $ cat /tmp/x echo PWN...
Adobe Flash < 28.0.0.161 - Use-After-Free
!/usr/bin/env python coding: UTF-8 import BaseHTTPServer import sys from SimpleHTTPServer import SimpleHTTPRequestHandler print "@Syfi2k" print "+ CVE-2018-4878 poc " print "--------------------------------" print "Calc.exe Shellcode via Msfvenom" print "Based on fixed version...
Sophos Endpoint Protection Control Panel 10.7 - Weak Password Encryption
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-CONTROL-PANEL-v10.7-INSECURE-CRYPTO-CVE-2018-9233.txt + ISR: Apparition Security Vendor: ========== www.sophos.com Product: =========== Sophos...
Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt + ISR: Apparition Security Vendor: ============= www.sophos.com Product: =========== Sophos...
Cobub Razor 0.7.2 - Cross-Site Request Forgery
Exploit Title: Cobub Razor 0.7.2 Cross Site Request Forgery Date: 2018-03-07 Exploit Author: ppb Vendor Homepage: https://github.com/cobub/razor/ Software Link: https://github.com/cobub/razor/ Version: 0.72 CVE : CVE-2018-7746 There is a vulnerability. Authentication is not required for...
DotNetNuke DNNarticle Module 11 - Directory Traversal
Advisory Information Title: Directory Traversal Vulnerability in DNNarticle module Date published: n/a Date of last update: n/a Vendors contacted: zldnn.com Discovered by: Esmaeil Rahimian Severity: Critical 02. Vulnerability Information OVE-ID: CVE-2018-9126. 03. Introduction DNN Article is...
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard coded cookie. Using any cookie manager extension, an...
Z-Blog 1.5.1.1740 - Full Path Disclosure
Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7737 This is a WebSite physical path...
WordPress Plugin Activity Log 2.4.0 - Cross-Site Scripting
Exploit Title : Activity Log Wordpress Plugin Stored Cross Site Scripting XSS Date: 25-02-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://pojo.me Software Link: https://wordpress.org/plugins/aryo-activity-log/ Version: 2.4.0 CVE :...
GetSimple CMS 3.3.13 - Cross-Site Scripting
Exploit Title: GetSimple CMS 3.3.13 - Cross Site Scripting Vulnerability Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://get-simple.info/ Software Link: http://get-simple.info/download/ Affected Version: 3.3.13...
Microsoft Windows Defender - 'mpengine.dll' Memory Corruption
Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unrar code; given that it still processes the VMSFUPCASE filter...
Microsoft Windows - Multiple Use-After-Free Issues in jscript Array Methods
!-- There are multiple use-after-free issues in Array methods in jscript. When jscript executes an Array method such as Array.join, it first retrieves the length of an array. If the input is not an array but an object, then the length property of the object is going to be retrieved and converted ...
Z-Blog 1.5.1.1740 - Cross-Site Scripting
Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS vulnerability than can attack the users. poc:...
YzmCMS 3.6 - Cross-Site Scripting
Exploit Title: YzmCMS 3.6 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: http://www.yzmcms.com/ Software Link: http://www.yzmcms.com/ Version: 3.6 CVE : CVE-2018-7653 This is a XSS vulnerability than can attack the users. poc:...
MyBB Plugin Downloads 2.0.3 - Cross-Site Scripting
Exploit Title: MyBB Downloads Plugin v2.0.3 - Persistent XSS Date: 3/28/18 Author: 0xB9 Contact: luxorforums.com/User-0xB9 or 0xB9atprotonmail.com Software Link: https://community.mybb.com/mods.php?action=view&pid=854 Version: 2.0.3 Tested on: Ubuntu 17.10 1. Description: It is a plugin which add...
Joomla! Component JS Jobs 1.2.0 - Cross-Site Scripting
Exploit Title: Joomla! Component JS Jobs 1.2.0 - Cross Site Scripting Google Dork: N/A Date: 03-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://www.joomsky.com/products/js-jobs.html Software Link: https://www.joomsky.com/5/download/1.html...
WebRTC - Private IP Leakage (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Private IP Leakage to WebPage using WebRTC Function.", 'Description' = %q This module exploits a vulnerability in browsers using well-known...
ProcessMaker - Plugin Upload (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ProcessMaker Plugin Upload', 'Description' = %q This module will generate and upload a plugin to ProcessMaker resulting in execution of PHP code a...
Google Chrome V8 - 'ElementsAccessorBase::CollectValuesOrEntriesImpl' Type Confusion
/ Here's a snippet of the method. https://cs.chromium.org/chromium/src/v8/src/elements.cc?rcl=3cbf26e8a21aa76703d2c3c51adb9c96119500da&l=1051 static Maybe CollectValuesOrEntriesImpl Isolate isolate, Handle object, Handle valuesorentries, bool getentries, int nofitems, PropertyFilter filter ... fo...
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (2)
/ Here's a snippet of JavascriptArray::BoxStackInstance. template T JavascriptArray::BoxStackInstanceT instance, bool deepCopy AssertThreadContext::IsOnStackinstance; // On the stack, the we reserved a pointer before the object as to store the boxed value T boxedInstanceRef = T instance - 1; T...
Google Chrome V8 - 'Genesis::InitializeGlobal' Out-of-Bounds Read/Write
/ Bug: The Genesis::InitializeGlobal method initializes the constructor of RegExp as follows: // Builtin functions for RegExp.prototype. Handle regexpfun = InstallFunction global, "RegExp", JSREGEXPTYPE, JSRegExp::kSize + JSRegExp::kInObjectFieldCount kPointerSize, JSRegExp::kInObjectFieldCount,...
Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) (1)
/ Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance-head" is on the stack. So simply by adding a single line of code that allocates "head" to the heap, we can bypass the fix. template T...
OpenCMS 10.5.3 - Cross-Site Request Forgery
Exploit Title: OpenCMS 10.5.3 Multiple Cross Site Request Forgery Vulnerabilities Injection Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
Secutech RiS-11/RiS-22/RiS-33 - Remote DNS Change
Secutech RiS-11/RiS-22/RiS-33 V5.07.52esFRI01 Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable systems or devices w...
LifeSize ClearSea 3.1.4 - Directory Traversal
''' Tittle: LifeSize ClearSea 3.1.4 Directory Traversal Vulnerabilities Author: rsp3ar Impact: Remote Code Execution Post-Authentication Recommendation: Use strong password for default 'admin' user and secure management access to the device. Please consult vendor for replacement/alternative...