47904 matches found
Joomla! Component Gallery WD 1.3.6 - SQL Injection
Exploit Title: Joomla! Component Gallery WD 1.3.6 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://web-dorado.com/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/gallery-wd/ Software Download:...
Joomla! Component File Download Tracker 3.0 - SQL Injection
Exploit Title: Joomla! Component File Download Tracker 3.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techsolsystem.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/downloads/file-download-tracker/ Version: 3.0 Category:...
Joomla! Component Aist 2.0 - 'id' SQL Injection
Exploit Title: Joomla! Component Aist = 2.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://aist.bmstu.ru/ Software Link: http://aist.bmstu.ru/ Version: = 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5993 Exploit Author: Ihsan Sencan POC: 1...
Joomla! Component Google Map Landkarten 4.2.3 - SQL Injection
Exploit Title: Joomla! Component Google Map Landkarten = 4.2.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomla-24.de/ Software Link: https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/ Software Download:...
Joomla! Component DT Register 3.2.7 - 'id' SQL Injection
Exploit Title: Joomla! Component DT Register 3.2.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.dthdevelopment.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/dt-register/ Version: 3.2.7 Category: Webapps Tested on:...
Joomla! Component AllVideos Reloaded 1.2.x - 'divid' SQL Injection
Exploit Title: Joomla! Component AllVideos Reloaded 1.2.x - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://allvideos.fritz-elfert.de Software Link: http://joomlacode.org/gf/project/allvideos15/frs/?action=FrsReleaseBrowse&frspackageid=3564 Version: 1.2.x Category: Webapps Tested...
Joomla! Component Advertisement Board 3.1.0 - 'catname' SQL Injection
Exploit Title: Joomla! Component Advertisement Board 3.1.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/advertisement-board/ Version: 3.1.0 Category: Webapps Teste...
Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module < 4.25 - Denial of Service
Exploit Title: Siemens SIPROTEC 4 and SIPROTEC Compact EN100 Ethernet Module V4.25 - Denial of Service Date: 14.02.2018 Exploit Author: M. Can Kurnaz Contact: https://twitter.com/0x43414e Vendor Homepage: https://www.siemens.com Version: All devices that include the EN100 Ethernet module version...
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Exploit Title: Joomla! Component SIGE version 3. Solution: Update to version 3.3.0 https://downloads.kubik-rubik.de/joomla-extensions/plgsigev3.3.0.zip...
Joomla! Component JTicketing 2.0.16 - SQL Injection
Exploit Title: Joomla! Component JTicketing 2.0.16 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/ Version: 2.0.16 Category: Webapps Tested on:...
Joomla! Component Realpin 1.5.04 - SQL Injection
Exploit Title: Joomla! Component Realpin = 1.5.04 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://realpin.frumania.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-display/realpin/ Software Download:...
Joomla! Component Project Log 1.5.3 - 'search' SQL Injection
Exploit Title: Joomla! Component Project Log 1.5.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://extensions.thethinkery.net/ Software Link: https://extensions.joomla.org/extensions/extension/clients-a-communities/project-a-task-management/project-log/ Version: 1.5.3 Category...
Joomla! Component JS Jobs 1.1.9 - SQL Injection
Exploit Title: Joomla! Component JS Jobs 1.1.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/js-jobs/ Software Download:...
Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/ Software Download:...
Joomla! Component InviteX 3.0.5 - 'invite_type' SQL Injection
Exploit Title: Joomla! Component InviteX 3.0.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/content-sharing/bookmark-a-recommend/invitex/ Version: 3.0.5 Category: Webapps Tested on:...
Joomla! Component jGive 2.0.9 - SQL Injection
Exploit Title: Joomla! Component JGive 2.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/donations/jgive/ Version: 2.0.9 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/ Software Download: http://joomsky.com/js-autoz-download.html...
Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection
Exploit Title: Joomla! Component JquickContact 1.3.2.2.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor: http://coderspirit.blogspot.com.tr/2011/07/jquickcontact.html Software: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/contact-forms/jquickcontact/ Download:...
Joomla! Component Form Maker 3.6.12 - SQL Injection
Exploit Title: Joomla! Component Form Maker 3.6.12 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://demo.web-dorado.com/ Software Link: https://extensions.joomla.org/extensions/extension/contacts-and-feedback/forms/form-maker/ Version: 3.6.12 Category: Webapps Tested on:...
Joomla! Component Saxum Numerology 3.0.4 - SQL Injection
Exploit Title: Joomla! Component Saxum Numerology 3.0.4 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: http://www.saxum2003.hu/en/downloadsen/category/7-saxumnumerology-komponens.html Software Download:...
Joomla! Component Timetable Responsive Schedule For Joomla! 1.5 - 'alias' SQL Injection
Exploit Title: Joomla! Component Timetable Responsive Schedule For Joomla 1.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://quanticalabs.com/joomla/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/timetable-responsive-schedule-for-joomla/...
Joomla! Component Solidres 2.5.1 - SQL Injection
Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://solidres.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/ Version: 2.5.1 Category: Webapps Tested on:...
Joomla! Component Staff Master 1.0 RC 1 - SQL Injection
Exploit Title: Joomla! Component Staff Master = 1.0 RC 1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.systemsunited.net/ Software Link: http://www.systemsunited.net/ Version: = 1.0 RC 1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5992 Exploit Author:...
Joomla! Component ccNewsletter 2.x.x 'id' - SQL Injection
Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.chillcreations.com/ Software Link: https://extensions.joomla.org/extension/ccnewsletter/ Version: 2.x Stable Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection
Exploit Title: Joomla! Component Smart Shoutbox 3.0.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://thekrotek.com/ Software Link: https://extensions.joomla.org/extension/smart-shoutbox/ Version: 3.0.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5975 Explo...
Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://albonico.ch/ Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html Version: 3.1.9 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Joomla! Component Saxum Picker 3.2.10 - SQL Injection
Exploit Title: Joomla! Component Saxum Picker 3.2.10 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/games/saxumpicker/ Software Download:...
Joomla! Component NeoRecruit 4.1 - SQL Injection
Exploit Title: Joomla! Component NeoRecruit 4.1 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://neojoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/jobs-a-recruitment/neorecruit/ Version: 4.1 Category: Webapps Tested on:...
Joomla! Component Saxum Astro 4.0.14 - SQL Injection
Exploit Title: Joomla! Component Saxum Astro 4.0.14 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.saxum2003.hu/ Software Link: https://extensions.joomla.org/extensions/extension/living/astrology-a-horoscope/saxumastro/ Software Download:...
Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection
Exploit Title: Joomla! Pinterest Clone Social Pinboard 2.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.apptha.com/ Software Link: https://www.apptha.com/joomla/social-pinboard-script Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-5987...
PHIMS - Hospital Management Information System - 'Password' SQL Injection
Exploit Title: PHIMS - Hospital Management Information System - 'Password' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/phims/14974225?srank=1566 Version: All version Category: Webapps...
Joomla! Component SquadManagement 1.0.3 - SQL Injection
Exploit Title: Joomla! Component SquadManagement 1.0.3 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.larshildebrandt.de/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/sports/squadmanagement/ Software Download:...
TV - Video Subscription - Authentication Bypass SQL Injection
Exploit Title: TV - Video Subscription - Authentication Bypass Dork: N/A Date: 2018-02-14 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/tv-video-subscription/13966427?srank=1677 Version: All version Category: Webapps CVE: N/A...
JBoss Remoting 6.14.18 - Denial of Service
Exploit Title: Exploit Denial of Service JBoss Remoting 4447/9999 Date: 14-02-2018 Exploit Author: Frank Spierings Vendor Homepage: https://www.redhat.com/en/technologies/jboss-middleware/application-platform/get-started Software Link: http://ftp.redhat.com/pub/redhat/jboss/eap/ Version: JBoss EA...
EPIC MyChart - X-Path Injection
Exploit Title: Epic Systems Corporation MyChart X-Path Injection Google Dork: MyChartĀ® licensed from Epic Systems Corporation Date: 8/19/16 Exploit Author: Shayan Sadigh http://threat.tevora.com/author/shayan/ Vendor Homepage: https://www.epic.com/software Software Link: N/A Version: N/A Tested o...
ABRT - 'raceabrt' Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ABRT raceabrt Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Fedora systems with a vulnerable version ...
PSNews Website 1.0.0 - 'Keywords' SQL Injection
Exploit Title: PSNews Website Same Backend with Mobile Apps 1.0.0 - 'Keywords' SQL Injection Dork: N/A Date: 2018-02-16 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/psnews-website/21360354?srank=9 Version: 1.0.0 Category:...
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis - RUNESEC Vendor Homepage: https://www.oracle.com Affected Software: Oracle Primavera P6...
Front Accounting ERP 2.4.3 - Cross-Site Request Forgery
...
Joomla! Component Fastball 2.5 - 'season' SQL Injection
Exploit Title: Joomla! Component Fastball 2.5 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.fastballproductions.com/ Software Link: http://www.fastballproductions.com/ Version: 2.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: CVE-2018-6373 Exploit Author: Ihsan...
Joomla! Component JomEstate PRO 3.7 - 'id' SQL Injection
Exploit Title: Joomla! Component JomEstate PRO = 3.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://comdev.eu/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/ Version: = 3.7 Category: Webapps Tested on:...
Pdfium - Pattern Shading Integer Overflows
This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp rely on a helper function to compute the numb...
Microsoft Edge Chakra JIT - 'LdThis' Type Confusion
/ LdThis instructions' value type is assumed to be "Object". Since "this" can be other objects like an array, it has to be assumed to be "LikelyObject", otherwise, operations to "this" will not be checked properly. PoC: / function optarr arr0 = 1.1; this0 = ; arr0 = 2.3023e-320; function main let...
Microsoft Edge Chakra JIT - 'NewScObjectNoCtor' Array Type Confusion
/ This is similar to the previous issues 1457, 1459 MSRC 42551, MSRC 42552. If a JavaScript function is used as a consturctor, it sets the new object's "proto" to its "prototype". The JIT compiler uses NewScObjectNoCtor instructions to perform it, but those instructions are not checked by...
Microsoft Edge Chakra JIT - 'Array.prototype.reverse' Array Type Confusion
/ This is simillar to the previous issue 1457. But this time, we use Array.prototype.reverse. Array.prototype.reverse can be inlined and may invoke EnsureNonNativeArray to convert the prototype of "this" to a Var array. Call flow: JavascriptArray::EntryReverse - FillFromPrototypes -...
Microsoft Edge Chakra JIT - ImplicitCallFlags Checks Bypass
/ Here's a snippet of ExecuteImplicitCall which is responsible for updating the ImplicitCallFlags flag. template inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall ... Js::ImplicitCallFlags saveImplicitCallFlags = this-GetImplicitCallFlag...
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
Related to issue 1490 . When parsing ShadingPatterns; according to the specification they shouldn't be permitted to have a pattern colorspace as their base colorspace, but this is not validated, leading to out-of-bounds reads when rendering using the malformed shading pattern. bool...
Chrome V8 - 'Runtime_RegExpReplace' Integer Overflow
/ Here's a snippet of the method. ASSIGNRETURNFAILUREONEXCEPTION isolate, captureslengthobj, Object::ToLengthisolate, captureslengthobj; const int captureslength = PositiveNumberToUint32captureslengthobj; ... if functionalreplace const int argc = hasnamedcaptures ? captureslength + 3 :...
Microsoft Edge Chakra JIT - Memory Corruption
/ Let's consider the following example code. function opt let arr = ; return arr'x'; // Optimize the "opt" function. for let i = 0; i inline Js::Var ExecuteImplicitCallJs::RecyclableObject function, Js::ImplicitCallFlags flags, Fn implicitCall // For now, we will not allow Function that is marked...
Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly (2)
It seems this is the patch for the bug. https://github.com/Microsoft/ChakraCore/pull/4226/commits/874551dd00ff6f404e593c7e0162efb54b953f5a The following two cases will bypass the fix. 1: function opt let obj = new Number2.3023e-320; for let i = 0; i 1; i++ obj.x = 1; obj = +obj; obj.x = 1; functi...