47904 matches found
Readymade Video Sharing Script 3.2 - HTML Injection
Exploit Title: Readymade Video Sharing Script 3.2 - HTML Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Demo: http://www.smsemailmarketing.in/demo/videosharing/ Version: 3.2...
Bus Booking Script 1.0 - 'txtname' SQL Injection
...
FS Lynda Clone 1.0 - SQL Injection
...
pfSense 2.4.1 - Cross-Site Request Forgery Error Page Clickjacking (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Clickjacking Vulnerability In CSRF Error Page pfSense', 'Description' = %q This module exploits a Clickjacking vulnerability in pfSense 'Yorick...
Dup Scout Enterprise - 'Login' Buffer Overflow (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Dup Scout Enterprise Login Buffer Overflow', 'Description' = %q This module exploits a stack buffer overflow in Dup Scout Enterprise 10.0.18. The...
Multiple OEM - 'nsd' Remote Stack Format String (PoC)
STX Subject: Remote Stack Format String in 'nsd' binary from multiple OEM Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis December 2017 PoC: https://github.com/mcw0/PoC Release date: December 14, 2017 Full Disclosure: 0-Day - PoC - 1 $ curl...
Linksys WVBR0 - 'User-Agent' Remote Command Injection
!/usr/bin/python -- coding: utf-8 -- Author: Nixawk CVE-2017-17411 Linksys WVBR0 25 Command Injection """ $ python2.7 exploit-CVE-2017-17411.py Usage: python exploit-CVE-2017-17411.py $ python2.7 exploit-CVE-2017-17411.py http://example.com/ + Target is exploitable by CVE-2017-17411 """ import...
vBulletin 5.x - 'cacheTemplates' Remote Arbitrary File Deletion
SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes a unauthenticated deserialization vulnerability that leads to arbitrary delete files and, unde...
vBulletin 5.x - 'routestring' Remote Code Execution
SSD Advisory – vBulletin routestring Unauthenticated Remote Code Execution Source: https://blogs.securiteam.com/index.php/archives/3569 Vulnerability Summary The following advisory describes a unauthenticated file inclusion vulnerability that leads to remote code execution found in vBulletin...
Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection
Exploit Title: Joomla! Component JEXTN Question And Answer 3.1.0 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/communication/question-a-answers/jextn-question-and-answer/ Version: 3.1.0 Category:...
Joomla! Component JEXTN Video Gallery 3.0.5 - 'id' SQL Injection
Exploit Title: Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link: https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/jextn-video-gallery/ Version: 3.0.5 Category: Webapps Tested on:...
GNU C Library Dynamic Loader glibc ld.so - Memory Leak / Buffer Overflow
Qualys Security Advisory Buffer overflow in glibc's ld.so ======================================================================== Contents ======================================================================== Summary Memory Leak Buffer Overflow Exploitation Acknowledgments...
Meinberg LANTIME Web Configuration Utility 6.16.008 - Arbitrary File Read
Title: Meinberg LANTIME Web Configuration Utility - Arbitrary File Read Author: Jakub Palaczynski CVE: CVE-2017-16787 Exploit tested on: ================== Meinberg LANTIME Web Configuration Utility 6.16.008 Vulnerability affects: ====================== All LTOS6 firmware releases before 6.24.004...
Apple macOS/iOS - Multiple Kernel Use-After-Frees due to Incorrect IOKit Object Lifetime Management in IOTimeSyncClockManagerUserClient
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1377 IOTimeSyncClockManagerUserClient provides the userspace interface for the IOTimeSyncClockManager IOService. IOTimeSyncClockManagerUserClient overrides the IOUserClient::clientClose method but it treats it like a destructor...
Apple XNU Kernel - Memory Corruption due to Integer Overflow in __offsetof Usage in posix_spawn on 32-bit Platforms
posixspawn is a complex syscall which takes a lot of arguments from userspace. The third argument is a pointer to a further arguments descriptor in userspace with the following structure on 32-bit: struct user32posixspawnargsdesc uint32t attrsize; / size of attributes block / uint32t attrp; /...
Apple macOS/iOS - Kernel Double Free due to Incorrect API Usage in Flow Divert Socket Option Handling
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1373 SOFLOWDIVERTTOKEN is a socket option on the SOLSOCKET layer. It's implemented by flowdiverttokensetstruct socket so, struct sockopt sopt in flowdivert.c. The relevant code is: error = sooptgetmsopt, &token; if error goto don...
Apple macOS - Kernel Code Execution due to Lack of Bounds Checking in AppleIntelCapriController::GetLinkConfig
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1375 AppleIntelCapriController::GetLinkConfig trusts a user-supplied value in the structure input which it uses to index a small table of pointers without bounds checking. The OOB-read pointer is passed to...
Accesspress Anonymous Post Pro < 3.2.0 - Arbitrary File Upload
Exploit Title: Unauthenticated Arbitrary File Upload Date: November 12, 2017 Exploit Author: Colette Chamberland Author contact: [email protected] Author homepage: https://defiant.com Vendor Homepage: https://accesspressthemes.com/ Software Link:...
Joomla! Component JBuildozer 1.4.1 - 'appid' SQL Injection
Exploit Title: Joomla! Component JBuildozer 1.4.1 - SQL Injection Dork: N/A Date: 12.12.2017 Vendor Homepage: http://jbuildozer.com/ Software Link: https://extensions.joomla.org/extensions/extension/authoring-a-content/content-construction/jbuildozer/ Version: 1.4.1 Category: Webapps Tested on:...
Vivotek IP Cameras - Remote Stack Overflow (PoC)
STX Subject: Vivotek IP Cameras - Remote Stack Overflow Researcher: bashis September-October 2017 PoC: https://github.com/mcw0/PoC Release date: November 13, 2017 Full Disclosure: 43 days Attack Vector: Remote Authentication: Anonymous no credentials needed Firmware Vulnerable: Only 2017 versions...
MLM Forced Matrix 2.0.9 - 'newid' SQL Injection
Exploit Title: MLM Forced Matrix 2.0.9 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forced-matrix/ Version: 2.0.9 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...
Muslim Matrimonial Script 3.02 - 'succid' SQL Injection
Exploit Title: Muslim Matrimonial Script 3.02 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/matrimonial-script/ Version: 3.02 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Multiplex Movie Theater Booking Script 3.1.5 - 'moid' / 'eid' SQL Injection
Exploit Title: Multiplex Movie Theater Booking Script 3.1.5 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/multiplex-theater-booking-script/ Version: 3.1.5 Category: Webapps Tested on:...
Car Rental Script 2.0.4 - 'val' SQL Injection
Exploit Title: Car Rental Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/car-rental-script/ Version: 2.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihs...
Entrepreneur Bus Booking Script 3.0.4 - 'sourcebus' SQL Injection
Exploit Title: Entrepreneur Bus Booking Script 3.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/entrepreneur-bus-booking-script/ Version: 3.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
MLM Forex Market Plan Script 2.0.4 - 'newid' / 'eventid' SQL Injection
Exploit Title: MLM Forex Market Plan Script 2.0.4 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/mlm-forex-market-plan-script/ Version: 2.0.4 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
Groupon Clone Script 3.01 - 'state_id' / 'search' SQL Injection
Exploit Title: Groupon Clone Script 3.01 - 'stateid' 's' SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/groupon-clone-script/ Version: 3.01 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Multireligion Responsive Matrimonial 4.7.2 - 'succid' SQL Injection
Exploit Title: Multireligion Responsive Matrimonial 4.7.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/multireligion-responsive-matrimonial/ Version: 4.7.2 Category: Webapps Tested on:...
Responsive Events & Movie Ticket Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Exploit Title: Responsive Events & Movie Ticket Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-events-movie-ticket-booking-script/ Version: 3.2.1 Category: Webapps...
Professional Service Script 1.0 - 'service-list?city' SQL Injection
Exploit Title: Professional Service Script 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/professional-service-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Readymade Video Sharing Script 3.2 - SQL Injection
Exploit Title: Readymade Video Sharing Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ Version: 3.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Advanced Real Estate Script 4.0.7 - SQL Injection
Exploit Title: Advanced Real Estate Script 4.0.7 - SQL Injection Dork: N/A Date: 10.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advanced-real-estate-script/ Version: 4.0.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Single Theater Booking Script 3.2.1 - 'findcity.php?q' SQL Injection
Exploit Title: Single Theater Booking Script 3.2.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/single-theater-booking-script/ Version: 3.2.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Responsive Realestate Script 3.2 - 'property-list?tbud' SQL Injection
Exploit Title: Responsive Realestate Script 3.2 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/responsive-realestate-script/ Version: 3.2 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Readymade PHP Classified Script 3.3 - 'subctid' / 'mctid' SQL Injection
Exploit Title: Readymade PHP Classified Script 3.3 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/advance-olx-clone/ Version: 3.3 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
PHP Multivendor Ecommerce 1.0 - 'sid' / 'searchcat' / 'chid1' SQL Injection
Exploit Title: PHP Multivendor Ecommerce 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-multivendor-ecommerce/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Lawyer Search Script 1.1 - 'lawyer-list?city' SQL Injection
Exploit Title: Lawyer Search Script 1.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/lawyer-script/ Version: 1.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan...
Laundry Booking Script 1.0 - 'list?city' SQL Injection
Exploit Title: Laundry Booking Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/laundry-booking-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Autho...
Kickstarter Clone Acript 2.0 - 'projid' SQL Injection
Exploit Title: Kickstarter Clone Acript 2.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/kickstarter-clone-script/ Version: 2.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Multivendor Penny Auction Clone Script 1.0 - SQL Injection
Exploit Title: Multivendor Penny Auction Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/penny-auction-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Opensource Classified Ads Script 3.2 - SQL Injection
...
Apple macOS XNU Kernel - Memory Disclosure due to bug in Kernel API for Detecting Kernel Memory Disclosures
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1372 the kernel libproc API proclistuptrs has the following comment in it's userspace header: / Enumerate potential userspace pointers embedded in kernel data structures. Currently inspects kqueues only. NOTE: returned "pointers"...
LibTIFF pal2rgb 4.0.9 - Heap Buffer Overflow
Source: http://bugzilla.maptools.org/showbug.cgi?id=2750 The vulnerability is triggered by ./tools/pal2rgb $FILE /dev/null The asan debug information is below: TIFFFetchNormalTag: Warning, IO error during reading of "XResolution"; tag ignored. TIFFFetchNormalTag: Warning, IO error during reading ...
Online Exam Test Application Script 1.6 - 'exams.php?sort' SQL Injection
Exploit Title: Online Exam Test Application Script 1.6 - 'Exams.php 'sort' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/online-exam-test-application/ Version: 1.6 Category: Webapps Tested on:...
Facebook Clone Script 1.0 - 'id' / 'send' SQL Injection
Exploit Title: Facebook Clone Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/facebook-clone/ Demo: http://smsemailmarketing.in/demo/fbclone/ Version: 1.0 Category: Webapps Tested on:...
Yoga Class Script 1.0 - 'list?city' SQL Injection
Exploit Title: Yoga Class Script 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/yoga-class-script/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsan...
Hot Scripts Clone 3.1 - 'subctid' / 'mctid' SQL Injection
Exploit Title: Hot Scripts Clone 3.1 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/ Version: 3.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Foodspotting Clone Script 1.0 - 'quicksearch.php?q' SQL Injection
Exploit Title: Foodspotting Clone Script 1.0 - 'q' SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
Secure E-commerce Script 2.0.1 - 'searchcat' / 'searchmain' SQL Injection
Exploit Title: Secure E-commerce Script 2.0.1 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/secure-e-commerce-script/ Version: 2.0.1 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...
Food Order Script 1.0 - 'list?city' SQL Injection
Exploit Title: Food Order Script 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/food-order-script-2/ Demo: http://ordermanagementscript.com/demo/food-order/ Version: 1.0 Category: Webapps Tested...