47904 matches found
Wonder CMS 2.3.1 - Unrestricted File Upload
Affected Code: public static function uploadFile + - if ! wCMS::$loggedIn && ! isset$FILES'uploadFile' && ! isset$REQUEST'token' return; + private static function uploadFileAction - if isset$REQUEST'token' && $REQUEST'token' == wCMS::generateToken && isset$FILES'uploadFile' Proof of Concept Steps...
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
Exploit Title: Matrimonial Website Script 2.1.6 - 'uid' SQL Injection Dork: N/A Date: 2018-02-03 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://www.phpscriptsmall.com/product/matrimonial-website-script/ Version: 2.1.6 Category: Webapps CVE: N/A...
Netis WF2419 Router - Cross-Site Scripting
Exploit Title: Netis-WF2419 HTML Injection Date: 20/01/2018 Exploit Author: Sajibe Kanti Author Contact :https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V3.2.41381 Tested on: Windows 10 CEV : CVE-2018-6190 HTML Injection in Netis-WF2419...
Student Profile Management System Script 2.0.6 - Authentication Bypass
Exploit title: Student Profile Management System Script 2.0.6 - Admin Panel Authentication Bypass Dork: "Powered by: i-Net Solution" Date: 2018-02-06 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage:...
Joomla! Component Zh GoogleMap 8.4.0.0 - SQL Injection
input name="id" value="-11 UNION ALL SELECT...
BOCHS 2.6-5 - Local Buffer Overflow
Exploit Author: Juan Sacco - http://exploitpack.com Vulnerability found using Exploit Pack v10 - Fuzzer module An attacker could exploit this vulnerability to execute arbitrary code in the context of the application. Failed exploit attempts will result in a denial-of-service condition. Program...
Microsoft Windows - 'EternalRomance'/'EternalSynergy'/'EternalChampion' SMB Remote Code Execution (Metasploit) (MS17-010)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Windows XP systems that are not part of a domain default to treating all network logons as if they were Guest. This prevents SMB relay attacks from gaining administrativ...
Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection
input name="id" value="-11 UNION ALL SELECT...
Claymore Dual GPU Miner 10.5 - Format String
Claymore’s Dual GPU Miner 10.5 and below is vulnerable to a format strings vulnerability. This allows an unauthenticated attacker to read memory addresses, or immediately terminate the mining process causing a denial of service. After reading about the recent vulnerabilities with previous version...
MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation
/ Title : MalwareFox AntiMalware 2.74.0.150 - Local Privilege Escalation Date : 02/02/2018 Author : Souhail Hammou Vendor Homepage : https://www.malwarefox.com/ Version : 2.74.0.150 Tested on : Windows 7 32-bit / Windows 10 64-bit CVE : CVE-2018-6593 / include include include include pragma...
Joomla! Component Zh YandexMap 6.2.1.0 - 'id' SQL Injection
input name="id" value="-11 UNION ALL SELECT...
Apport/ABRT - 'chroot' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Apport / ABRT chroot Privilege Escalation', 'Description' = %q This module attempts to gain root privileges on Linux systems by invoking the...
WordPress Core - 'load-scripts.php' Denial of Service
EDB Note: python doser.py -g...
Wonder CMS 2.3.1 - 'Host' Header Injection
Exploit Title: Wonder CMS 2.3.1 Host Header Injection Date: 30-01-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://www.wondercms.com/ Version: 2.3.1 CVE : CVE-2017-14523 Category: Webapp CMS 1...
Online Voting System - Authentication Bypass
Exploit Title: Online Voting System - Authentication Bypass Date: 02.02.2018 Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-6180 Description A...
Linux/x64 - Twofish Encoded + DNS (CNAME) Password + execve(/bin/sh) Shellcode
Linux/x64 - Twofish Encoded + DNS CNAME Password + execve/bin/sh Shellcode. Shellcode exploit for Linuxx86-64 platform /----- Crypter.c ----- / / Optimized Twofish C implementation by Drew Csillag: https://www.schneier.com/code/twofish-cpy.zip Partially re-written by Andre Lima...
Advance Loan Management System - 'id' SQL Injection
Exploit Title: Advance Loan Management System - 'id' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/advance-loan-management-system-with-savings-system-and-sms-notification/21283070 Version: 1.0 Tested on:...
Microsoft Windows Subsystem for Linux - 'execve()' Local Privilege Escalation
define GNUSOURCE include include include include include include include include include include include include include include include define RINGSIZE 0x2000000 define PIPESIZE 0xb8 define PTRSIZE 0x8 define STRHDRSIZE 0x18 define LEAKOFFSET 0x68 define SHELLCODEOFFSET 0x200 define...
Joomla! Component JMS Music 1.1.1 - SQL Injection
Exploit Title: Joomla! Component JMS Music 1.1.1 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: https://www.joommasters.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/jms-music/ Version: 1.1.1 Category: Webapps Tested on:...
FiberHome AN5506 - Remote DNS Change
FIBERHOME AN5506 Unauthenticated Remote DNS Change Vulnerability Software Version RP2617 Device Model AN5506-04-F Vendor Homepage: www.fiberhome.com/ Date: 01/02/2018 Exploit Author: r0ots3c http://wandoelmo.com.br https://www.facebook.com/wsec.info Description: Vulnerability exists in web...
Oracle Hospitality Simphony (MICROS) 2.7 < 2.9 - Directory Traversal
Exploit Title: Oracle Hospitality Simphony MICROS directory traversal Date: 30.01.2018 Exploit Author: Dmitry Chastuhin https://twitter.com/chipik Vendor Homepage: http://www.oracle.com/ Version: 2.7, 2.8 and 2.9 Tested on: Win, nix CVE : CVE-2018-2636 !/usr/bin/env python...
Joomla! Component Jimtawl 2.1.6 - Arbitrary File Upload
Exploit Title: Joomla! Component Jimtawl 2.2.5 - Arbitrary File Upload Dork: N/A Date: 01.02.2018 Vendor Homepage: http://janguo.de/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/streaming-a-broadcasting/jimtawl/ Software Download:...
Real Estate Custom Script - 'route' SQL Injection
Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13.3 Email:...
Joomla! Component JEXTN Classified 1.0.0 - 'sid' SQL Injection
Exploit Title: Joomla! Component JEXTN Classified 1.0.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/ads-a-affiliates/classified-ads/jextn-classified/ Version: 1.0.0 Category: Webapps Tested on:...
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting
Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting XSS Date: 1-31-2017 Software Link: https://www.ipswitch.com/moveit Affected Version: 8.1-9.4 only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable Exploit Author: 1N3@CrowdShield - https://crowdshield.com Early...
Fancy Clone Script - 'search_browse_product' SQL Injection
Exploit Title: Fancy Clone Script - 'searchbrowseproduct' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://pofitec.com/ Software Link: https://pofitec.com/fancy-clone-script.php Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.13.3 Email: [email protected] Contac...
Joomla! Component JEXTN Membership 3.1.0 - 'usr_plan' SQL Injection
...
Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection
Exploit Title: Joomla! Component JEXTN Reverse Auction 3.1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/jextn-reverse-auction/ Version: 3.1.0 Category: Webapps Tested on:...
Event Manager 1.0 - SQL Injection
Exploit Title: Event Manager PHP Script 1.0 - SQL Injection Dork: N/A Date: 01.02.2018 Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/eventmanager-php-script-admin-panel/21280741 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author:...
Joomla! Component JE PayperVideo 3.0.0 - 'usr_plan' SQL Injection
...
Geovision Inc. IP Camera/Video/Access Control - Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access
STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis November 2017 PoC: https://github.com/mcw0/PoC Python...
Geovision Inc. IP Camera & Video - Remote Command Execution
!/usr/bin/env python2.7 SOF Geovision Inc. IP Camera & Video Server Remote Command Execution PoC Researcher: bashis November 2017 1. Pop stunnel TLSv1 reverse root shell Local listener: 'ncat -vlp --ssl'; Verified w/ v7.60 2. Dump all settings of remote IPC with Login/Passwd in cleartext Using: -...
BMC Server Automation RSCD Agent - NSH Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'BMC Server Automation RSCD Agent NSH Remote ' \ 'Command Execution', 'Description' = %q This module exploits a weak access control check in the B...
WebKit - 'detachWrapper' Use-After-Free
::detachWrapper /Users/projectzero/webkit/WebKit/WebKitBuild/Release/WebCore.framework/Versions/A/WebCore:x8664+0xfe2b9f...
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)
Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.4.18.exe Version: 10.4.18 Tested on:...
WebKit - 'WebCore::FrameView::clientToLayoutViewportPoint' Use-After-Free
function jsfuzzer var b = document.createElement"body"; a.appendb; ta.autofocus = true; var iframe = document.createElement"iframe"; b.appendChildiframe; li.appendChilddd; iframe.contentDocument.caretRangeFromPoint; function eventhandler ta.insertAdjacentElement"beforeBegin",a; ::operator...
LabF nfsAxe 3.7 TFTP Client - Local Buffer Overflow
!/usr/bin/python Exploit Author: Miguel Mendez Z Exploit Title: LabF nfsAxe v3.7 - TFTP "Input Directory" Local Buffer Overflow Date: 29-01-2018 Software: LabF nfsAxe Version: v3.7 Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/nfsaxe.exe Tested on: Windows 7 x86...
Hotspot Shield - Information Disclosure
Vulnerability Summary The following advisory describes a information disclosure found in Hotspot Shield. Hotspot Shield “provides secure and private access to a free and open internet. Enabling access to social networks, sports, audio and video streaming, news, dating, gaming wherever you are.”...
Joomla! Component Picture Calendar for Joomla! 3.1.4 - Directory Traversal
Exploit Title: Joomla! Component Picture Calendar for Joomla 3.1.4 - Directory Traversal Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/picture-calendar-for-joomla/ Version:...
HPE iMC 7.3 - RMI Java Deserialization
Exploit Title: HPE iMC 7.3 Java RMI Registry Deserialization RCE Vulnerability Date: 01-28-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.hpe.com Software Link:...
Advantech WebAccess < 8.3 - SQL Injection
!/usr/bin/python2.7 Exploit Title: Advantech WebAccess BWSCADARest Login Method SQL Injection Authentication Bypass Vulnerability Date: 01-13-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
Joomla! Component Visual Calendar 3.1.3 - 'id' SQL Injection
Exploit Title: Joomla! Component Visual Calendar 3.1.3 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/visual-calendar/ Version: 3.1.3 Category: Webapps Tested o...
System Shield 5.0.0.136 - Privilege Escalation
/ Exploit Title - System Shield AntiVirus & AntiSpyware Arbitrary Write Privilege Escalation Date - 29th January 2018 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://www.iolo.com/ Tested Version - 5.0.0.136 Driver Version - 5.4.11.1 - amp.sys Tested on OS - 64bit Windows 7 and...
Joomla! Component CP Event Calendar 3.0.1 - 'id' SQL Injection
Exploit Title: Joomla! Component CP Event Calendar 3.0.1 - SQL Injection Dork: N/A Date: 30.01.2018 Vendor Homepage: http://www.joomlacalendars.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/cp-event-calendar/ Version: 3.0.1 Category: Webapps Test...
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure
Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version: BMC RSCD agent 8.3.00.64 CVE: CVE-2016-5063 Vendor...
Oracle WebLogic - wls-wsat Component Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle WebLogic wls-wsat Component Deserialization RCE', 'Description' = %q The Oracle WebLogic WLS WSAT Component is vulnerable to a XML...
Arq 5.10 - Local Privilege Escalation (1)
!/usr/bin/env ruby Arq USE AT YOUR OWN RISK - THIS WILL OVERWRITE THE ROOT USER'S CRONTAB! $binarytarget = "/tmp/arq510exp" class Arq510PrivEsc def i...
iBall WRA150N - Multiple Vulnerabilities
Vulnerabilities summary The following advisory describes two 2 vulnerabilities found in iB-WRA150N devices, firmware 1.2.6 build 110401 Rel.47776n. iB-WRA150N is “a powerful solution to Internet connectivity at home, small offices and work stations. The key is if you are using an ADSL2+ connectio...
Arq 5.10 - Local Privilege Escalation (2)
!/bin/bash Arq payload.sh EOF !/bin/bash rm -rf $HOME/.arq510privescexp while : do pid=\ps auxwww |grep '$app/Contents/MacOS/Arq' |grep -v grep |xargs \ |cut -d ' ' -f2\ if "$pid" != "" ; then ki...
macOS - 'sysctl_vfs_generic_conf' Stack Leak Through Struct Padding
/ The sysctls vfs.generic.conf. are handled by sysctlvfsgenericconf, which is implemented as follows: static int sysctlvfsgenericconf SYSCTLHANDLERARGS int name, namelen; struct vfstable vfsp; struct vfsconf vfsc; voidoidp; name = arg1; namelen = arg2; check for namelen==1 mountlistlock; for vfsp...