SOA School Management 3.0 - SQL Injection
Exploit Title: SOA School Management 3.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : https://ynetinteractive.com/ Software Link: http://codecanyon.net/item/soa-school-management-software-with-integrated-parents-students-portal/20435367?srank=3 Demo:...
Joomla! Component Calendar Planner 1.0.1 - SQL Injection
Exploit Title: Joomla! Component Calendar Planner 1.0.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomlathat.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner/ Demo: http://demo.joomlathat.com/ Version: 1.0.1...
LiveInvoices 1.0 - SQL Injection
Exploit Title: LiveInvoices 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/liveinvoices-complete-invoicing-system-crm/20243375 Demo: http://liveinvoices.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on...
iTech Multi Vendor Script 6.63 - SQL Injection
Exploit Title: iTech Multi Vendor Script 6.63 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/multi-vendor-shopping-script/ Demo: http://multi-vendor.itechscripts.com/ Version: 6.63 Category: Webapps Tested on:...
ZKTime Web Software 2.0 - Cross-Site Request Forgery
Exploit Title: ZKTime Web Software 2.0 - Cross Site Request Forgery CVE-ID: CVE-2017-13129 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category: WebApps Author: Arvind V. Author Social: @FindArvind...
iTech Job Script 9.27 - SQL Injection
Exploit Title: iTech Job Script 9.27 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/job-portal-script/ Demo: http://job-portal.itechscripts.com/ Version: 9.27 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
iTech Travel Script 9.49 - SQL Injection
Exploit Title: iTech Travel Script 9.49 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/travel-portal-script/ Demo: http://travelportal.itechscripts.com/ Version: 9.49 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CV...
iTech Image Sharing Script 4.13 - SQL Injection
Exploit Title: iTech Image Sharing Script 4.13 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/image-sharing-script/ Demo: http://photo-sharing.itechscripts.com/ Version: 4.13 Category: Webapps Tested on:...
Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection
Exploit Title: Joomla! Component Zap Calendar Lite 4.3.4 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: https://zcontent.net/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/zap-calendar-lite/ Demo: http://demo.zapcalendar.com/ Version: 4.3...
iTech Caregiver Script 2.71 - SQL Injection
Exploit Title: iTech Caregiver Script 2.71 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/caregiver-script/ Demo: http://caregiver.itechscripts.com/ Version: 2.71 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N...
DeWorkshop 1.0 - Arbitrary File Upload
Exploit Title: DeWorkshop 1.0 - Arbitrary File Upload Dork: N/A Date: 18.08.2017 Vendor Homepage : https://sarutech.com/ Software Link: https://codecanyon.net/item/deworkshop-auto-workshop-portal/20336737 Demo: https://demo.sarutech.com/deworkshop/ Version: 1.0 Category: Webapps Tested on:...
Mozilla Firefox < 45.0 - 'nsHtml5TreeBuilder' Use-After-Free (EMET 5.52 Bypass)
CVE-2016-1960 / Exploit Title: Mozilla Firefox . 1 https://bugzilla.mozilla.org/showbug.cgi?id=1246014 2 https://ftp.mozilla.org/pub/firefox/releases/44.0.2/win32/en-US/ / "use strict"; / This is executed after having pivoted the stack. esp' points to a region on the heap, and the original stack...
Joomla! Component Appointment 1.1 - SQL Injection
Exploit Title: Joomla! Component Appointment v1.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extensions/extension/appointment/ Demo: http://joomlaextension.biz/appointment/ Version: 1.1 Category:...
DSScan 1.0 - Local Buffer Overflow (PoC)
!/usr/bin/python Exploit Title : DSScan v1.0 Hostname/IP Field SEH Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Website : http://pyramidcyber.com/ Discovery Date : 18/08/2017 Software Link : https://www.mcafee.com/in/downloads/free-tools/dsscan.aspx...
LiveCRM 1.0 - SQL Injection
Exploit Title: LiveCRM 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livecrm-complete-business-management-solution/20249151 Demo: http://demo.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
eCardMAX 10.5 - SQL Injection
Exploit Title: eCardMAX 10.5 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : https://www.ecardmax.com/ Software Link: https://www.ecardmax.com/home/ecardmax/ Demo: https://ecardmax.com/ecardmaxdemo/ Version: 10.5 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Exploit...
iTech Business Networking Script 8.26 - SQL Injection
Exploit Title: iTech Business Networking Script 8.26 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/business-networking-script/ Demo: http://professional-network.itechscripts.com/ Version: 8.26 Category: Webapps Tested o...
Joomla! Component Twitch Tv 1.1 - SQL Injection
Exploit Title: Joomla! Component Twitch Tv 1.1 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://www.raindropsinfotech.com/ Software Link: https://extensions.joomla.org/extensions/extension/sports-a-games/game-servers/twitch-tv-component/ Demo:...
MessengerScan 1.05 - Local Buffer Overflow (PoC)
!/usr/bin/python Exploit Title : MessengerScan v1.05 Hostname/IP Field SEH/EIP Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Discovery Date : 18/08/2017 Software Link : https://www.mcafee.com/in/downloads/free-tools/messengerscan.aspx Tested Version :...
LiveProjects 1.0 - SQL Injection
Exploit Title: LiveProjects 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/liveprojects-complete-project-management-crm/10436800 Demo: http://liveprojects.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested...
LiveSupport 1.0 - SQL Injection
Exploit Title: LiveSupport 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livesupport-complete-ticketing-system-crm/20243447 Demo: http://livesupport.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
Symantec Messaging Gateway 10.6.3-2 - Root Remote Command Execution
This is an advisory for CVE-2017-6327 which is an unauthenticated remote code execution flaw in the web interface of Symantec Messaging Gateway prior to and including version 10.6.3-2, which can be used to execute commands as root. Symantec Messaging Gateway, formerly known as Brightmail, is a...
iTech Movie Script 7.51 - SQL Injection
Exploit Title: iTech Movie Script 7.51 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/movie-portal-script/ Demo: http://movie-portal.itechscripts.com/ Version: 7.51 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
iTech Freelancer Script 5.27 - SQL Injection
Exploit Title: iTech Freelancer Script 5.27 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/freelancer-script/ Demo: http://freelance.itechscripts.com/ Version: 5.27 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
iTech B2B Script 4.42 - SQL Injection
Exploit Title: Itech B2B Script 4.42 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/c/B2B/ Demo: http://b2b.itechscripts.com/ Version: 4.42 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: Exploit Author: Ihsan...
Joomla! Component SP Movie Database 1.3 - SQL Injection
Exploit Title: Joomla! Component SP Movie Database 1.3 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://joomshaper.com/ Software Link: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/sp-movie-database/ Demo:...
NoviFlow NoviWare < NW400.2.6 - Multiple Vulnerabilities
NoviFlow NoviWare = NW400.2.6 multiple vulnerabilities Introduction ========== NoviWare is a high-performance OpenFlow 1.3, 1.4 and 1.5 compliant switch software developed by NoviFlow and available for license to network equipment manufacturers. Multiple vulnerabilities were identified in the...
QuantaStor Software Defined Storage < 4.3.1 - Multiple Vulnerabilities
--- Advisory details --- Title: QuantaStor Software Define Storage multiple vulnerabilities Advisory ID: VVVSEC-2017-6943 Advisory URL: http://www.vvvsecurity.com/advisories/vvvsecurity-advisory-2017-6943.txt Date published: 12/08/2017 CVEs: CVE-2017-9978 "Brute force login request using http...
iTech Classifieds Script 7.41 - SQL Injection
Exploit Title: iTech Classifieds Script 7.41 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://itechscripts.com/ Software Link: http://itechscripts.com/classifieds-script/ Demo: http://classifieds.itechscripts.com/ Version: 7.41 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Matrimony Script 2.7 - SQL Injection
Exploit Title: Matrimony Script 2.7 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://www.matrimony-script.com/ Software Link: http://www.matrimony-script.com/php-matrimony-software.html Demo: http://www.matrimonysearch.com/ Version: 2.7 Category: Webapps Tested on:...
Joomla! Component KissGallery 1.0.0 - SQL Injection
Exploit Title: Joomla! Component KissGallery 1.0.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage: http://terrywcarter.com/ Software Link: https://extensions.joomla.org/extensions/extension/photos-a-images/galleries/kissgallery/ Demo: http://demo.terrywcarter.com/kissgallery Version:...
LiveSales 1.0 - SQL Injection
Exploit Title: LiveSales 1.0 - SQL Injection Dork: N/A Date: 18.08.2017 Vendor Homepage : http://livecrm.co/ Software Link: https://codecanyon.net/item/livesales-complete-sales-management-crm/20243171 Demo: http://livesales.livecrm.co/livecrm/web/ Version: 1.0 Category: Webapps Tested on:...
ZKTime Web Software 2.0 - Improper Access Restrictions
Exploit Title: ZKTime Web Software 2.0 - Broken Authentication CVE-ID: CVE-2017-14680 Vendor Homepage: https://www.zkteco.com/product/ZKTimeWeb2.0435.html Vendor of Product: ZKTeco Affected Product Code: ZKTime Web - 2.0.1.12280 Category: WebApps Author: Arvind V. Author Social: @FindArvind...
Linux/x86-64 - Reverse Shell (192.168.1.2:4444) Shellcode (153 bytes)
Linux/x86-64 - Reverse Shell 192.168.1.2:4444 Shellcode 153 bytes. Shellcode exploit for Linux/x86-64 platform / ;Title: Linux/x86_64 - Reverse Shell Shellcode 192.168.1.2:4444 ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86_64...
MyDoomScanner 1.00 - Local Buffer Overflow (PoC)
!/usr/bin/python Exploit Title : MyDoomScanner1.00 Hostname/IP Field SEH Overwrite POC Discovery by : Anurag Srivastava Email : [email protected] Discovery Date : 17/08/2017 Software Link : https://www.mcafee.com/in/downloads/free-tools/mydoomscanner.aspx Tested Version : 1.00...
Food Ordering Script 1.0 - SQL Injection
Exploit Title: Food Ordering Script 1.0 - SQL Injection Dork: N/A Date: 17.08.2017 Vendor Homepage : http://www.earthtechnology.co.in/ourproducts.html Software Link: https://www.foodorderingscript.com/ Demo: https://www.foodorderingscript.com/demo-new/ Version: 1.0 Category: Webapps Tested on:...
Microsoft Edge Chakra - Uninitialized Arguments (1)
ParseNodePtr Parser::ParseVariableDeclaration tokens declarationType, charcountt ichMin, BOOL fAllowIn/ = TRUE/, BOOL pfForInOk/ = nullptr/, BOOL singleDefOnly/ = FALSE/, BOOL allowInit/ = TRUE/, BOOL isTopVarParse/ = TRUE/, BOOL isFor/ = FALSE/, BOOL nativeForOk /= nullptr/ ... if pid ==...
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses
GetOriginalEntryPoint : nullptr; if this-pCurrentFunction && this-pCurrentFunction-IsFunctionParsed Assertthis-pCurrentFunction-StartInDocument == pnode-ichMin; pCurrentFunction" is the constructor, but "pnode" refers to the method "f". PoC: -- class MyClass fa printa; constructor 'use asm';...
Microsoft Edge - Out-of-Bounds Access when Fetching Source
// The attached JavaScript file causes an out-of-bounds access of the source buffer when fetching the source for one of the functions during delayed compilation. The out-of-bounds value is then treated as the pointer to the source. This is likely an exploitable condition. // In the debug build of...
Microsoft Edge 40.15063.0.0 Chakra - Incorrect JIT Optimization with TypedArray Setter #3
'use strict'; function funca, b, c a0 = 1.2; b0 = c; a1 = 2.2; a0 = 2.3023e-320; function main let a = 1.1, 2.2; let b = new Uint32Array100; for let i = 0; i a0 = ; return 0; ; a0.toString; main; // Tested on Microsoft Edge 40.15063.0.0Insider Preview...
Microsoft Edge Chakra - 'JavascriptFunction::EntryCall' Fails to Handle 'CallInfo' Properly
GetScriptContext, Js::Constants::MinStackDefault; RUNTIMEARGUMENTSargs, callInfo; ScriptContext scriptContext = function-GetScriptContext; Assert!callInfo.Flags & CallFlagsNew; /// /// Check Argument0 has internal Call property /// If not, throw TypeError /// if args.Info.Count == 0 ||...
Microsoft Edge Chakra - 'JavascriptArray::ConcatArgs' Type Confusion
void JavascriptArray::ConcatArgsRecyclableObject pDestObj, TypeId remoteTypeIds, Js::Arguments& args, ScriptContext scriptContext, uint start, uint startIdxDest, BOOL firstPromotedItemIsSpreadable, BigIndex firstPromotedItemLength, bool spreadableCheckedAndTrue JSREENTRANCYLOCKjsReentLock,...
Microsoft Edge Chakra - Buffer Overflow
sxCall.argCount; //pnode-sxCall.argCount=0xFFFF argCount++; // include "this" //overflow!!!! argCount==0 BOOL fSideEffectArgs = FALSE; unsigned int tmpCount = CountArgumentspnode-sxCall.pnodeArgs, &fSideEffectArgs; AssertargCount == tmpCount; if argCount != Js::ArgSlotargCount...
Microsoft Edge Chakra - 'chakra!Js::GlobalObject' Integer overflow
= 0; AnalysisAssertscriptContext; if scriptContext-GetThreadContext-EvalDisabled throw Js::EvalDisabledException; ifdef PROFILEEXEC scriptContext-ProfileBeginJs::EvalCompilePhase; endif void frameAddr = nullptr; GETCURRENTFRAMEIDframeAddr; HRESULT hr = SOK; HRESULT hrParser = SOK; HRESULT hrCodeG...
Microsoft Edge Chakra - 'PreVisitCatch' Missing Call
root-sxFnc.pnodeVars; pnode; pnode = pnode-sxVar.pnodeNext Symbol sym = pnode-sxVar.sym; if sym != nullptr && !pnode-sxVar.isBlockScopeFncDeclVar && sym-GetIsBlockVar if sym-GetIsCatch || pnode-nop == knopVarDecl && sym-GetIsBlockVar ... sym = funcInfo-bodyScope-FindLocalSymbolsym-GetName;...
Photogallery Project 1.0 - SQL Injection
Exploit Title: Photogallery Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/photogallery-project-in-php/ Demo: http://surajkumar.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64...
Online Quiz Project 1.0 - SQL Injection
Exploit Title: Online Quiz Project 1.0 - Multiple Vulnerabilities Dork: N/A Date: 17.08.2017 Vendor Homepage : http://surajkumar.in/ Software Link: http://surajkumar.in/product/online-quiz-project-php/ Demo: http://surajkumar.in/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...
Microsoft Edge Chakra - 'EmitAssignment' uses the 'this' Register Without Initializing
000c ProfiledLdEnvSlot R4 = 13 Line 28: super.a = 1; Col 13: ^ 0018 LdHomeObjProto R8 R4 001d ProfiledStSuperFld R8.this=R5 = R3 0 0025 LdUndef R0 Line 29: Col 9: ^ 0027 Ret PoC: -- class Parent ; class Child extends Parent constructor = super.a = 10; // Implicitly use the "this" register. So it...
Adobe Flash - Invoke Accesses Trait Out-of-Bounds
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1320 The attached fuzzed swf file causes the traits of an ActionScript object to be accessed out of bounds. This can probably lead to exploitable type confusion. Proof of Concept:...
Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrect Usage of 'PushPopFrameHelper' (Denial of Service)
GetScriptContext-GetThreadContext-GetLeafInterpreterFrame; GetLoopHeaderinterpreterFrame-GetCurrentLoopNum; GetCurrentLoopNum == -1 ... PoC: -- function asmModule 'use asm'; let a = 1, 2, 3, 4; for let i = 0; i 0x100000; i++ // JIT a0 = 1; if i === 0x30000 a0 = ; // the array type changed,...