47904 matches found
iBall ADSL2+ Home Router - Authentication Bypass
Exploit Title: iBall ADSL2+ Home Router Authentication Bypass Vulnerability CVE: CVE-2017-14244 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: iBall ADSL2+ Home Router WRA150N https://www.iball.co.in/Product/ADSL2--Home-Router/7...
Digileave 1.2 - Cross-Site Request Forgery (Update Admin)
!/usr/local/bin/python Exploit Title: Digileave 1.2 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digileave.asp?id=1 Demo: http://www.digiappz.com/digileave/login.asp Version: 1.2...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
!/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo: http://www.digiappz.com/room/index.asp Version: 3.4 Category: Webapps Test...
DigiAffiliate 1.4 - Cross-Site Request Forgery (Update Admin)
!/usr/local/bin/python Exploit Title: DigiAffiliate 1.4 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/digiaffiliate.asp?id=7 Demo: http://www.digiappz.com/digiaffiliate/login.asp Version: 1.4...
WordPress Plugin Content Timeline - SQL Injection
Exploit Title: Multiple Blind SQL Injections Wordpress Plugin: Content Timeline Google Dork: - Date: September 16, 2017 Exploit Author: Jeroen - ITNerdbox Vendor Homepage: http://www.shindiristudio.com/ Software Link:...
Netdecision 5.8.2 - Local Privilege Escalation
// Netdecision.cpp : Defines the entry point for the console application. / Exploit Title: Netdecision 5.8.2 - Local Privilege Escalation - Winring0x32.sys Date: 2017.09.17 Exploit Author: Peter Baris Vendor Homepage: www.netmechanica.com Software Link: http://www.netmechanica.com/downloads/...
iTech Gigs Script 1.20 - 'cat' SQL Injection
Exploit Title: iTech Gigs Script v1.20 - SQL Injection Date: 2017-09-15 Exploit Author: 8bitsec Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Version: 1.20 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email: [email protected] Contact:...
PTCEvolution 5.50 - SQL Injection
Exploit Title: PTCEvolution 5.50 - SQL Injection Dork: N/A Date: 15.09.2017 Vendor Homepage: http://ptcevolution.com/ Software Link: http://www.ptcevolution.com/demoo/ Demo: http://demo.ptcevolution.com/ Version: 5.50 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit Author: Ihsa...
UTStar WA3002G4 ADSL Broadband Modem - Authentication Bypass
Exploit Title: UTStar WA3002G4 ADSL Broadband Modem Authentication Bypass Vulnerability CVE: CVE-2017-14243 Date: 15-09-2017 Exploit Author: Gem George Author Contact: https://www.linkedin.com/in/gemgrge Vulnerable Product: UTStar WA3002G4 ADSL Broadband Modem Firmware version: WA3002G4-0021.01...
Contact Manager 1.0 - 'femail' SQL Injection
Exploit Title: Contact Manager 1.0 - SQL Injection Dork: N/A Date: 15.09.2017 Vendor Homepage: http://savsofteproducts.com/ Software Link: http://www.contactmanagerscript.com/download/contactmanager1380185909.zip Demo: http://contactmanagerscript.com/demo/ Version: 1.0 Category: Webapps Tested on...
PTC KSV1 Script 1.7 - 'type' SQL Injection
Exploit Title: PTC KSV1 Script 1.7 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/ptc-ksv1.php Demo: http://www.ksv1demo.gvmhosting.com/ Version: 1.7 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Adserver Script 5.6 - SQL Injection
Exploit Title: Adserver Script 5.6 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/adserverscript.php Demo: http://adserverscript.gvmhosting.com/ Version: 5.6 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
Lockstep Backup for Workgroups 4.0.3 - Remote Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'Lockstep Backup for Workgroups %q This module exploits a stack buffer overflow found in Lockstep Backup for Workgroups 'james fitts' , 'License' = MSFLICENSE, 'Version' = '$Revision: $', 'References' = 'URL', 'http://secunia.com/advisories/50260/' ,...
Enterprise Edition Payment Processor Script 3.7 - SQL Injection
Exploit Title: Enterprise Edition Payment Processor Script 3.7 - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: https://www.goterhosting.com/ Software Link: https://www.goterhosting.com/payment-processor-script.php Demo: http://www.enterprise-edition.gvmhosting.com/ Version: 3.7...
Humax Wi-Fi Router HG100R 2.0.6 - Authentication Bypass
coding: utf-8 Exploit Title: Humax HG100R- Authentication Bypass Date: 14/09/2017 Exploit Author: Kivson Vendor Homepage: http://humaxdigital.com Version: VER 2.0.6 Tested on: OSX Linux CVE : CVE-2017-11435 The Humax Wi-Fi Router model HG100R- 2.0.6 is prone to an authentication bypass...
Justdial Clone Script - 'fid' SQL Injection
Exploit Title: Justdial Clone Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/z1mt4303451/php-scripts/justdial-clone-script Demo: http://74.124.215.220/jusdil/ Version: N/A Category: Webapps...
Theater Management Script - SQL Injection
Exploit Title: Theater Management Script - SQL Injection Dork: N/A Date: 14.09.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.exclusivescript.com/product/8o2b4417538/php-scripts/theater-management-script Demo: http://198.38.86.159/dineshkumarwork/demo/movie/ Versio...
EMC AlphaStor Device Manager - Opcode 0x72 Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'EMC AlphaStor Device Manager Opcode 0x72', 'Description' = %q This module exploits a stack based buffer overflow vulnerability found in EMC Alphastor Device Manager. The overflow is triggered when sending a specially crafted packet to the rrobotd.exe...
Cloudview NMS 2.00b - Writable Directory Traversal Execution (Metasploit)
require 'msf/core' class MetasploitModule "Cloudview NMS 2.00b Writable Directory Traversal Execution", 'Description' = %q This module exploits a vulnerability found in Cloudview NMS server. The software contains a directory traversal vulnerability that allows a remote attacker to write arbitrary...
KingScada AlarmServer 3.1.2.13 - Remote Stack Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'KingScada AlarmServer Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in KingScada 'James Fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2014-0787' , 'ZDI', '14-071' , 'URL',...
haneWIN DNS Server 1.5.3 - Remote Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'haneWIN DNS Server Buffer Overflow', 'Description' = %q This module exploits a buffer overflow vulnerability found in haneWIN DNS Server 'james fitts' , 'License' = MSFLICENSE, 'References' = 'EDB', '31260' , 'OSVDB', '102773' , 'Privileged' = false,...
EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'EMC AlphaStor Library Manager Opcode 0x4f', 'Description' = %q This module exploits a stack based buffer overflow found in EMC Alphastor Library Manager version 'james fitts' , 'License' = MSFLICENSE, 'References' = 'URL',...
Foodspotting Clone 1.0 - SQL Injection
Exploit Title: Foodspotting Clone v1.0 - SQL Injection/Reflected XSS Date: 2017-09-13 Exploit Author: 8bitsec Vendor Homepage: http://www.phpscriptsmall.com/ Software Link: http://www.phpscriptsmall.com/product/foodspotting-clone/ Version: 1.0 Tested on: Kali Linux 2.0 | Mac OS 10.12.6 Email:...
ICGrocery 1.1 - 'key' SQL Injection
Exploit Title: Grocery Store Supermarket Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/grocery-store-supermarket-script.htm Demo: http://icloudcenter.net/demos/icgrocery/ Version: 1.1 Category: Webapp...
Cloudview NMS < 2.00b - Arbitrary File Upload (Metasploit)
require 'msf/core' class MetasploitModule 'Cloudview NMS File Upload', 'Description' = %q This module exploits a file upload vulnerability found within Cloudview NMS 'james fitts' , 'License' = MSFLICENSE, 'References' = 'URL', '0day' , 'DefaultOptions' = 'EXITFUNC' = 'thread', , 'Privileged' =...
Sielco Sistemi Winlog 2.07.16 - Remote Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'Sielco Sistemi Winlog %q This module exploits a stack based buffer overflow found in Sielco Sistemi Winlog 'James Fitts' , 'License' = MSFLICENSE, 'Version' = '$Revision: $', 'References' = , 'Privileged' = true, 'DefaultOptions' = 'EXITFUNC' = 'thread',...
ICJewelry 1.1 - 'key' SQL Injection
Exploit Title: Jewelry Store Site Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/jewelry-site-script.htm Demo: http://icloudcenter.net/demos/icjewelry/ Version: 1.1 Category: Webapps Tested on:...
ICClassifieds 1.1 - SQL Injection
Exploit Title: Classifieds Software Script Like Craigslist 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/craigslist-like-classifieds-script.htm Demo: http://icloudcenter.net/demos/icclassifieds/ Version: 1.1...
ICSurvey 1.1 - SQL Injection
Exploit Title: ICSurvey- Survey Creating Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/survey-creating-script.htm Demo: http://icloudcenter.net/demos/icsurvey/ Version: 1.1 Category: Webapps Tested on...
IC-T-Shirt 1.2 - 'key' SQL Injection
Exploit Title: Custom T-Shirt WebStore Script 1.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/t-shirt.htm Demo: http://icloudcenter.net/demos/ictshirt/ Version: 1.2 Category: Webapps Tested on:...
ICAutosales 2.2 - SQL Injection
Exploit Title: Auto Dealer Car Sales PHP Script 2.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/auto-dealer-car-sales-script.htm Demo: http://icloudcenter.net/demos/icautosales/ Version: 2.2 Category: Webapps...
Astaro Security Gateway 7 - Remote Code Execution
!/usr/bin/python Astaro Security Gateway v7 - Unauthenticated Remote Code Execution Exploit Authors: Jakub Palaczynski and Maciej Grabiec Tested on versions: 7.500 and 7.506 Date: 13.12.2016 Vendor Homepage: https://www.sophos.com/ CVE: CVE-2017-6315 import socket import sys import os import...
Carel PlantVisor 2.4.4 - Directory Traversal Information Disclosure (Metasploit)
require 'msf/core' class MetasploitModule 'Carel Pl@ntVisor Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carel Pl@ntVisor 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2011-3487' , 'BID', '49601' , , 'DisclosureDate' =...
Dameware Mini Remote Control 4.0 - Username Stack Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'Dameware Mini Remote Control Username Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow vulnerability found in Dameware Mini Remote Control v4.0. The overflow is caused when sending an overly long username to t...
Carlo Gavazzi Powersoft 2.1.1.1 - Directory Traversal File Disclosure (Metasploit)
require 'msf/core' class MetasploitModule 'Carlo Gavazzi Powersoft Directory Traversal', 'Description' = %q This module exploits a directory traversal vulnerability found in Carlo Gavazzi Powersoft 'james fitts' , 'License' = MSFLICENSE, 'References' = 'URL', 'http://gleg.net/agorascadaupd.shtml'...
EMC CMCNE 11.2.1 - FileUploadController Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'EMC CMCNE FileUploadController Remote Code Execution', 'Description' = %q This module exploits a fileupload vulnerability found in EMC Connectrix Manager Converged Network Edition MSFLICENSE, 'Author' = 'james fitts' , 'References' = 'ZDI', '13-279' ,...
Alienvault OSSIM av-centerd - Util.pm sync_rserver Command Execution (Metasploit)
require 'msf/core' class MetasploitModule 'Alienvault OSSIM av-centerd Util.pm syncrserver Command Execution', 'Description' = %q This module exploits a command injection vulnerability found within the syncrserver function in Util.pm. The vulnerability is triggered due to an incomplete blacklist...
Fatek Automation PLC WinProladder 3.11 Build 14701 - Stack Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'Fatek Automation PLC WinProladder Stack-based Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Fatek Automation PLC WinProladder v3.11 Build 14701. The vulnerability is triggered when a client connects to a...
Microsoft Windows .NET Framework - Remote Code Execution
Source: https://github.com/Voulnet/CVE-2017-8759-Exploit-sample Running CVE-2017-8759 exploit sample. Flow of the exploit: Word macro runs in the Doc1.doc file. The macro downloads a badly formatted txt file over wsdl, which triggers the WSDL parser log. Then the parsing log results in running...
Alienvault OSSIM av-centerd 4.7.0 - 'get_log_line' Command Injection (Metasploit)
require 'msf/core' require 'rexml/document' class MetasploitModule 'Alienvault OSSIM av-centerd Command Injection getlogline', 'Description' = %q This module exploits a command injection flaw found in the getlogline function found within Util.pm. The vulnerability is triggered due to an unsanitiz...
ICDental Clinic 1.2 - 'key' SQL Injection
Exploit Title: Dental Clinic Site Script 1.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/dental-clinic-script.htm Demo: http://icloudcenter.net/demos/icdentalclinic/ Version: 1.2 Category: Webapps Tested on:...
ICProductConfigurator 1.1 - 'key' SQL Injection
Exploit Title: Customized Products Shopping Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/bpProductConfigurator.htm Demo: http://icloudcenter.net/demos/icproductconfigurator/ Version: 1.1 Category:...
ICHotelReservation 3.3 - 'key' SQL Injection
Exploit Title: Hotel Reservation Site Script 3.3 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/hotel-reservation-site-script.htm Demo: http://icloudcenter.net/demos/ichotelreservation/ Version: 3.3 Category:...
ICRestaurant software 1.4 - 'key' SQL Injection
Exploit Title: Restaurant Site Script 1.4 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/restaurant-site-script.htm Demo: http://icloudcenter.net/demos/icrestaurant/ Version: 1.4 Category: Webapps Tested on:...
ICAuction 2.2 - 'id' SQL Injection
Exploit Title: eBay like Auction PHP Script 2.2 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/ebay-like-auction-script.htm Demo: http://icloudcenter.net/demos/icauction/ Version: 2.2 Category: Webapps Tested on:...
ICEstate 1.1 - 'id' SQL Injection
Exploit Title: Real Estate Marketplace Site ASP.NET Script 1.1 - SQL Injection Dork: N/A Date: 13.09.2017 Vendor Homepage: http://www.icloudcenter.com/ Software Link: http://www.icloudcenter.com/real-estate-marketplace-site.htm Demo: http://www.icloudcenter.com/demos/icestatemarket/ Version: 1.1...
EMC CMCNE Inmservlets.war FileUploadController 11.2.1 - Remote Code Execution (Metasploit)
require 'msf/core' class MetasploitModule 'EMC CMCNE Inmservlets.war FileUploadController Remote Code Execution', 'Description' = %q This module exploits a file upload vulnerability found in EMC Connectrix Manager Converged Network Edition 'james fitts' , 'License' = MSFLICENSE, 'References' =...
Viap Automation WinPLC7 5.0.45.5921 - Recv Buffer Overflow (Metasploit)
require 'msf/core' class MetasploitModule 'VIPA Authomation WinPLC7 recv Stack Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in VIPA Automation WinPLC7 'james fitts' , 'License' = MSFLICENSE, 'References' = 'ZDI', '17-112' , 'CVE', '2017-5177' ,...
Trend Micro Control Manager - ImportFile Directory Traversal Remote Code Execution (Metasploit)
require 'msf/core' require 'msf/core/exploit/phpexe' class MetasploitModule 'Trend Micro Control Manager importFile Directory Traversal RCE', 'Description' = %q This module exploits a directory traversal vulnerability found in Trend Micro Control Manager. The vulnerability is triggered when sendi...
Infinite Automation Mango Automation - Command Injection (Metasploit)
require 'msf/core' class MetasploitModule 'Infinite Automation Mango Automation Command Injection', 'Description' = %q This module exploits a command injection vulnerability found in Infinite Automation Systems Mango Automation v2.5.0 - 2.6.0 beta builds prior to 430. , 'Author' = 'james fitts' ,...