47904 matches found
WampServer 3.1.2 - Cross-Site Request Forgery
Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hostsremotely Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.2 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec Website: http://medium.com/@vipinxsec CVE:...
WebLog Expert Enterprise 9.4 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: WebLog Expert Enterprise 9.4 - Privilege Escalation Date: 03-31-2018 Vulnerable Software: WebLog Expert Enterprise 9.4 Vendor Homepage: https://www.weblogexpert.com/ Version: 9.4 Software Link: https://www.weblogexpert.com/download.htm Tested On:...
DLink DIR-601 - Admin Password Disclosure
Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Google Dork: N/A Date: 12/24/2017 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla Firefox CVE : CVE-2018-570...
WampServer 3.1.1 - Cross-Site Scripting / Cross-Site Request Forgery
Exploit Title: WampServer 3.1.1 XSS via CSRF Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.1 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec Website: http://medium.com/@vipinxsec CVE: CVE-2018-8732 1. Description XSS: cross...
VideoFlow Digital Video Protection (DVP) 2.10 - Hard-Coded Credentials
VideoFlow Digital Video Protection DVP 10 Authenticated Root Remote Code Execution Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured as Protector, Sentinel or Fortress Version = The...
VideoFlow Digital Video Protection (DVP) 2.10 - Directory Traversal
VideoFlow Digital Video Protection DVP 10 Authenticated Directory Traversal Vendor: VideoFlow Ltd. Product web page: http://www.video-flow.com Affected version: 2.10 X-Prototype-Version: 1.6.0.2 System = Indicate if the DVP is configured as Protector, Sentinel or Fortress Version = The Operating...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
Exploit Title: Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Version: 0.9.5 CVE : CVE-2018-8908 Category: Webapp CMS 1...
OpenCMS 10.5.3 - Cross-Site Scripting
Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
Sync Breeze Enterprise 10.4.18 - Denial of-Service (PoC)
!/usr/bin/python import socket import sys from struct import pack try: server = sys.argv1 port = 9121 size = 1000 inputBuffer = b"\x41" size header = b"\x75\x19\xba\xab" header += b"\x03\x00\x00\x00" header += b"\x00\x40\x00\x00" header += pack'I', leninputBuffer header += pack'I', leninputBuffer...
Open-AuditIT Professional 2.1 - Cross-Site Request Forgery
Exploit Title: Open-AuditIT Professional 2.1 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/ Software Link :...
Faleemi Windows Desktop Software - (DDNS/IP) Local Buffer Overflow
''' Faleemi Desktop Software for Windows- DDNS/IP Local Buffer Overflow Vuln Description: Faleemi Desktop Software for Windows and its Beta version Faleemi Plus Desktop Software for WindowsBeta are vulnerable to Buffer Overflow exploit. When overly input is given to DDNS/IP parameter, it overflow...
D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router - Authentication Bypass
Exploit Title: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Route Authentication Bypass CVE: CVE-2018-9032 Date: 24-03-2018 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: D-Link DIR-850L Wireless AC1200 Dual Band Gigabit Cloud Router...
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extensions/extension/communication/phone-a-sms/acysms/ Affected Version: 3.5...
Allok AVI DivX MPEG to DVD Converter 2.6.1217 - Buffer Overflow (SEH)
!/usr/bin/env python Exploit Title : Allok AVI DivX MPEG to DVD Converter - Buffer Overflow SEH Date : 3/27/18 Exploit Author : wetw0rk Vulnerable Software : Allok AVI DivX MPEG to DVD Converter Vendor Homepage : http://alloksoft.com/ Version : 2.6.1217 Software Link :...
Allok WMV to AVI MPEG DVD WMV Converter 4.6.1217 - Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Allok soft WMV to AVI MPEG DVD WMV Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Talented Pentesters Hut Vulnerable Software: Allok WMV to...
Homematic CCU2 2.29.23 - Arbitrary File Write
!/usr/bin/ruby Exploit Title: Homematic CCU2 Arbitrary File Write Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7300 Description:...
Tenda W3002R/A302/w309r Wireless Router v5.07.64_en - Remote DNS Change (PoC)
Tenda W3002R/A302/w309r Wireless Router V5.07.64en Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with...
osCommerce 2.3.4.1 - Remote Code Execution
Exploit Title: osCommerce 2.3.4.1 Remote Code Execution Date: 29.0.3.2018 Exploit Author: Simon Scannell - https://scannell-infosec.net Version: 2.3.4.1, 2.3.4 - Other versions have not been tested but are likely to be vulnerable Tested on: Linux, Windows If an Admin has not removed the /install/...
SysGauge 4.5.18 - Local Denial of Service
!/usr/bin/python Exploit Title : SysGauge v4.5.18 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage : http://www.sysgauge.com/ Vulnerable Software : http://www.sysgauge.com/setups/sysgaugesetupv4.5.18.exe Note :...
Tenda W316R Wireless Router 5.07.50 - Remote DNS Change
Tenda W316R Wireless Router V5.07.50 Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable syste...
Systematic SitAware - NVG Denial of Service
Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs bottlypy: https://bottlepy.org/docs/dev/...
Tenda FH303/A300 Firmware v5.07.68_EN - Remote DNS Change
Tenda FH303/A300 Firmware V5.07.68EN Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable syste...
Joomla! Component Acymailing Starter 5.9.5 - CSV Macro Injection
Exploit Title: Joomla! Component Acymailing Starter 5.9.5 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link: https://extensions.joomla.org/extension/acymailing-starter/ Affected Version: 5.9.5 Category:...
Tenda W308R v2 Wireless Router 5.07.48 - (Cookie Session) Remote DNS Change
Tenda W308R v2 Wireless Router V5.07.48 Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Users with vulnerable...
WordPress Plugin WP Security Audit Log 3.1.1 - Sensitive Information Disclosure
Exploit Title: WP Security Audit Log Plugin, Sensitive Information Disclosure CheckDirectory $useruploadpath wpmkdirp $useruploadpath ;...
Homematic CCU2 2.29.23 - Remote Command Execution
!/usr/bin/ruby Exploit Title: Homematic CCU2 Remote Command Execution Date: 28-03-18 Exploit Author: Patrick Muench, Gregor Kopf Vendor Homepage: http://www.eq-3.de Software Link: http://www.eq-3.de/service/downloads.html?id=268 Version: 2.29.23 CVE : 2018-7297 Description:...
WordPress Plugin Contact Form 7 to Database Extension 2.10.32 - CSV Injection
Exploit Title : Contact Form 7 to Database Extension Wordpress Plugin CSV Injection Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: None Software Link: https://wordpress.org/plugins/contact-form-7-to-database-extension Version: 2.10.32...
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Alloksoft Video joiner 4.6.1217 - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Video joiner Vendor Homepage:...
WordPress Plugin Relevanssi 4.0.4 - Reflected Cross-Site Scripting
Exploit Title : Relevanssi Wordpress Search Plugin Reflected Cross Site Scripting XSS Date: 23-03-2018 Exploit Author : Stefan Broeder Contact : https://twitter.com/stefanbroeder Vendor Homepage: https://www.relevanssi.com Software Link: https://wordpress.org/plugins/relevanssi Version: 4.0.4 CVE...
MiniCMS 1.10 - Cross-Site Request Forgery
test document.forms0.submit;...
Vtiger CRM 6.3.0 - (Authenticated) Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Vtiger CRM 6.3.0 - Authenticated Arbitrary File Upload', 'Description' = %q Vtiger 6.3.0 CRM's administration interface allows for the upload of ...
Advantech WebAccess < 8.1 - webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow
!/usr/bin/python2.7 Exploit Title: Advantech WebAccess 8.1 webvrpcs DrawSrv.dll Path BwBuildPath Stack-Based Buffer Overflow RCE Date: 03-29-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Cisco Smart Install - Crash (PoC)
smiibcinitdiscoveryBoF.py import socket import struct from optparse import OptionParser Parse the target options parser = OptionParser parser.addoption"-t", "--target", dest="target", help="Smart Install Client", default="192.168.1.1" parser.addoption"-p", "--port", dest="port", type="int",...
GitStack - Unsanitized Argument Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unsanitized Argument RCE', 'Description' = %q This module exploits a remote code execution vulnerability that exists in GitStack through...
Joomla! Component Fields - SQLi Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Joomla Component Fields SQLi Remote Code Execution', 'Description' = %q This module exploits a SQL injection vulnerability in the comfields...
Exodus Wallet (ElectronJS Framework) - Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Exodus Wallet ElectronJS Framework remote Code Execution', 'Description' = %q This module exploits a Remote...
Open-AuditIT Professional 2.1 - Cross-Site Scripting
Exploit Title: Open-AuditIT Professional 2.1 - Stored Cross site scripting XSS Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage: https://www.open-audit.org/ Version: 2.1 CVE : CVE-2018-8903...
Tenda N11 Wireless Router 5.07.43_en_NEX01 - Remote DNS Change
!/bin/bash Tenda N11 Wireless Router V5.07.43enNEX01 Cookie Session Weakness Remote DNS Change PoC Exploit Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usually set up by cybercriminals. Use...
TwonkyMedia Server 7.0.11-8.5 - Directory Traversal
''' --------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Directory Traversal Date: 2018-03-27 Exploit Author: Sven Fassbender Contact:...
Microsoft Windows Remote Assistance - XML External Entity Injection
Exploit Title: Microsoft Windows Remote Assistance XXE Date: 27/03/2018 Exploit Author: Nabeel Ahmed Tested on: Windows 7 x64, Windows 10 x64 CVE : CVE-2018-0878 Category: Remote Exploits Invitation.msrcincident ------------------------ /xxe.xml" %remote;%root;%oob; xxe.xml ----------------------...
TwonkyMedia Server 7.0.11-8.5 - Persistent Cross-Site Scripting
--------------------------------------------------------------------- 1. About --------------------------------------------------------------------- Exploit Title: TwonkyMedia Server 7.0.11-8.5 Persistent XSS Date: 2018-03-27 Exploit Author: Sven Fassbender Contact: https://twitter.com/mezdanak...
TeamCity < 9.0.2 - Disabled Registration Bypass
var login = 'testuser'; //логин пользователя var password = 'SuperMEgaPa$$'; //пароль var email = '[email protected]'; // email / Code / var b = BS.LoginForm; var publickey = $F"publicKey"; var encryptedpass = BS.Encrypt.encryptDatapassword, $F"publicKey"; var parameters =...
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution (PoC)
TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC. CVE-2018-7466. Remote exploit for Linux platform Title: TestLink Open Source Test Management= 1.9.16 Remote Code Execution By Manish error1046 Vendor Home Page: http://testlink.org Disovered At: Indishell Lab CVE ID:...
DLINK DCS-5020L - Remote Code Execution (PoC)
“The DCS-5020L Wireless N Day & Night Pan/Tilt Cloud Camera is a day/night network camera that easily connects to your existing home network for remote viewing on a range of mobile devices. It features pan, tilt and digital zoom function to allow you to see a wider area with a single camera,...
ClipBucket - 'beats_uploader' Arbitrary File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ClipBucket beatsuploader Unauthenticated Arbitrary File Upload", 'Description' = %q This module exploits a vulnerability found in ClipBucket...
LabF nfsAxe 3.7 - Privilege Escalation
Exploit Author: bzyo Twitter: @bzyo Exploit Title: LabF nfsAxe 3.7 - Privilege Escalation Date: 03-24-2018 Vulnerable Software: LabF nfsAxe 3.7 Vendor Homepage: http://www.labf.com/ Version: 3.7 Software Link: http://www.labf.com/download/nfsaxe.exe Tested On: Windows 7 x86 and x64 Requires Windo...
Laravel Log Viewer < 0.13.0 - Local File Download
Exploit Title: Laravel log viewer by rap2hpoutre local file download LFD Date: 23/02/2018 Exploit Author: Haboob Team Software Link: https://github.com/rap2hpoutre/laravel-log-viewer/tree/v0.11.1 Version: v0.12.0 and below CVE : CVE-2018-8947 1. Description Unauthorized user can access Laravel lo...
Fast AVI MPEG Splitter 1.2 - Stack-Based Buffer Overflow
SWAMI KARUPASAMI THUNAI Exploit Title: Stack Based Buffer Overflow in Allok Fast AVI MPEG Splitter 1.2 Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Fast AVI MPEG Splitter 1.2 Vendor Homepage:...
Acrolinx Server < 5.2.5 - Directory Traversal
Exploit Title: Acrolinx Dashboard Directory Traversal CVE: CVE 2018-7719 Date: 19.02.2017 Exploit Author: Berk Dusunur Vendor Homepage: www.acrolinx.com Version:Before 5.2.5 PoC Acrolinx dashboard windows works on the server...
Microsoft Windows Manager (7 x86) - Menu Management Component UAF Privilege Elevation
include include include include pragma commentlib, "psapi.lib" define POCDEBUG 0 if POCDEBUG == 1 define POCDEBUGBREAK getchar elif POCDEBUG == 2 define POCDEBUGBREAK DebugBreak else define POCDEBUGBREAK endif static PVOIDfastcall pfnHMValidateHandleHANDLE, BYTE = NULL; static constexpr UINT...