47904 matches found
NoMachine 5.3.9 - Local Privilege Escalation
""" Exploit Title: NoMachine LPE - Local Privilege Escalation Date: 09/08/2017 Exploit Author: Daniele Linguaglossa Vendor Homepage: https://www.nomachine.com Software Link: https://www.nomachine.com Version: 5.3.9 Tested on: OSX CVE : CVE-2017-12763 NoMachine uses a file called nxexec in order t...
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
Exploit Title: CSRF Date: August 9, 2017 Software Link: https://www.symantec.com/products/messaging-gateway Exploit Author: Dhiraj Mishra Contact: http://twitter.com/mishradhiraj Website: http://datarift.blogspot.in/ CVE: CVE-2017-6328 Category: Symantec Messaging Gateway 1. Description The...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Cross-Site Scripting / Cross-Site Request Forgery
!-- DALIM SOFTWARE ES Core 5.0 build 7184.1 Multiple Stored XSS And CSRF Vulnerabilities Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 buil...
WebFile Explorer 1.0 - Arbitrary File Download
Exploit Title: WebFile Explorer 1.0 - Arbitrary File Download Dork: N/A Date: 09.08.2017 Vendor Homepage : http://speicher.host/ Software Link: https://codecanyon.net/item/webfile-explorer/20366192/ Demo: http://speicher.host/envato/codecanyon/demo/web-file-explorer/ Version: 1.0 Category: Webapp...
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
DALIM SOFTWARE ES Core 5.0 build 7184.1 Server-Side Request Forgery Vendor: Dalim Software GmbH Product web page: https://www.dalim.com Affected version: ES/ESPRiT 5.0 build 7184.1 build 7163.2 build 7163.0 build 7135.0 build 7114.1 build 7114.0 build 7093.1 build 7093.0 build 7072.0 build 7051.3...
Android Bluetooth - 'Blueborne' Information Leak (1)
from pwn import import bluetooth if not 'TARGET' in args: log.info'Usage: python CVE-2017-0781.py TARGET=XX:XX:XX:XX:XX:XX' exit target = args'TARGET' count = 30 Amount of packets to send port = 0xf BTPSMBNEP context.arch = 'arm' BNEPFRAMECONTROL = 0x01 BNEPSETUPCONNECTIONREQUESTMSG = 0x01 def...
Unitrends UEB 9.1 - Authentication Bypass / Remote Command Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
Unitrends UEB 9.1 - Privilege Escalation
Exploit Title: Authenticated lowpriv RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Benny Husted, Jared Arave, Cale Smith Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
Sources: - https://github.com/sensepost/gdi-palettes-exp - https://sensepost.com/blog/2017/abusing-gdi-objects-for-ring0-primitives-revolution/ Windows 7 SP1 x86 exploit presented at DEF CON 25 involving the abuse of a newly discovered GDI object abuse technique. DC25 5A1F - Demystifying Windows...
WildMIDI 0.4.2 - Multiple Vulnerabilities
wildmidi multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= WildMIDI is a simple software midi player which has a core softsynth library that can be use with other applications.The WildMIDI library uses Gravis Ultrasound patch files to convert...
Unitrends UEB 9.1 - 'Unitrends bpserverd' Remote Command Execution
Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Jared Arave, Cale Smith, Benny Husted Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted || https://twitter.com/0xC413 Vendor Homepage: https://www.unitrends.com/ Software Link:...
Synology Photo Station 6.7.3-3432 / 6.3-2967 - Remote Code Execution
''' Source: https://blogs.securiteam.com/index.php/archives/3356 Vulnerability details The remote code execution is a combination of 4 different vulnerabilities: Upload arbitrary files to the specified directories Log in with a fake authentication mechanism Log in to Photo Station with any identi...
VMware WorkStation 12.5.5 - Virtual Machine Escape
VMware Escape Exploit VMware Escape Exploit before VMware WorkStation 12.5.5 Host Target: Win10 x64 Compiler: VS2013 Test on VMware 12.5.2 build-4638234 Known issues Failing to heap manipulation causes host process crash. Not quite elaborate because I'm not good at doing heap "fengshui" on winows...
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
DefenseCode ThunderScan SAST Advisory WordPress Easy Modal Plugin Multiple Security Vulnerabilities Advisory ID: DC-2017-01-007 Advisory Title: WordPress Easy Modal Plugin Multiple Vulnerabilities Advisory URL: http://www.defensecode.com/advisories.php Software: WordPress Easy Modal plugin...
Microsoft Windows - '.LNK' Shortcut File Code Execution
!/usr/bin/python -- coding: utf-8 -- Title : CVE-2017-8464 | LNK Remote Code Execution Vulnerability CVE : 2017-8464 Authors : ykoster, nixawk Notice : Only for educational purposes. Support : python2 import struct def generateSHELLLINKHEADER: | | | | | | | | | | | | | | | | | | | | | | | | | | |...
Linux x86 - /bin/sh Shellcode (24 bytes)
Linux x86 - /bin/sh Shellcode 24 bytes. Shellcode exploit for Linx86 platform / ;Title: Linux/x86 - /bin/sh Shellcode ;Author: Touhid M.Shaikh ;Contact: https://github.com/touhidshaikh ;Category: Shellcode ;Architecture: Linux x86 ;Description: This shellcode baased on stack method to Execute...
Technicolor TC7337 - 'SSID' Persistent Cross-Site Scripting
// Device : Technicolor TC7337 // Vulnerable URL : https://your.rou.ter.ip/wlscanresults.html // XSS through SSID : ' Exactly 32 bytes uu // ^ // 5char domains are running | 'src' does not requires quotes , and passing the URL with ony '//' // out, grab yours ! +--- it will cause the browser to...
VirtualBox 5.1.22 - Windows Process DLL UNC Path Signature Bypass Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1296 VirtualBox: Windows Process DLL UNC Path Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening implemented by the VirtualBox driver can ...
Joomla! Component StreetGuessr Game 1.1.8 - SQL Injection
Exploit Title: Joomla! Component StreetGuessr Game v1.1.8 - SQL Injection Dork: N/A Date: 03.08.2017 Vendor : https://www.nordmograph.com/ Software: https://extensions.joomla.org/extensions/extension/sports-a-games/streetguessr-game/ Demo: https://www.streetguessr.com/en/component/streetguess/...
DNSTracer 1.9 - Local Buffer Overflow
Exploit Title: DNSTracer 1.9 - Buffer Overflow Google Dork: if applicable Date: 03-08-2017 Exploit Author: j0lama Vendor Homepage: http://www.mavetju.org/unix/dnstracer.php Software Link: http://www.mavetju.org/download/dnstracer-1.9.tar.gz Version: 1.9 Tested on: Ubuntu 12.04 CVE : CVE-2017-9430...
VirtualBox 5.1.22 - Windows Process DLL Signature Bypass Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1257 VirtualBox: Windows Process DLL Signature Bypass EoP Platform: VirtualBox v5.1.22 r115126 x64 Tested on Windows 10 Class: Elevation of Privilege Summary: The process hardening implemented by the VirtualBox driver can be...
Tiandy IP Cameras 5.56.17.120 - Sensitive Information Disclosure
Vulnerability Summary The following advisory describes sensitive information Disclosure found in Tiandy IP cameras version 5.56.17.120 Tianjin Tiandy Digital Technology Co., Ltd Tiandy Tech is “one of top 10 leading CCTV manufacturer in China and a global supplier of advanced video surveillance...
Dashlane - DLL Hijacking
Vulnerability Summary The following advisory describes a DLL Hijacking vulnerability found in Dashlane. Dashlane is “a password manager app and secure digital wallet. The app is available on Mac, PC, iOS and Android. The app’s premium feature enables users to securely sync their data between an...
Horde Groupware 5.2.21 - Unauthorized File Download
Vulnerability Summary The following advisory describes an unauthorized file download vulnerability found in Horde Groupware version 5.2.21. Horde Groupware Webmail Edition is “a free, enterprise ready, browser based communication suite. Users can read, send and organize email messages and manage...
Muviko 1.0 - 'q' SQL Injection
Exploit Title: Muviko - Video CMS v1.0 – 'q' Parameter SQL Injection Date: 02.08.2017 Vendor Homepage: https://muvikoscript.com/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview Muviko is a movie & video content manageme...
Nitro Pro PDF Reader 11.0.3.173 - Javascript API Code Execution (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution', 'Description' = %q This module exploits an unsafe Javascript API implemente...
Joomla! Component Event Registration Pro Calendar 4.1.3 - SQL Injection
Exploit Title: Joomla! Component Event Registration Pro Calendar v4.1.3 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://joomlashowroom.com/ Software: https://www.joomlashowroom.com/products/event-registration-pro-calendar Demo: http://demo3.joomlashowroom.com/ Version: 4.1.3 Author:...
Joomla! Component PHP-Bridge 1.2.3 - SQL Injection
Exploit Title: Joomla! Component PHP-Bridge v1.2.3 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://www.henryschorradt.de/ Software: https://extensions.joomla.org/extensions/extension/miscellaneous/development/php-bridge/ Demo: http://www.henryschorradt.de/joomla-php-bridge/ Version:...
Premium Servers List Tracker 1.0 - SQL Injection
Exploit Title: Premium Servers List Tracker v1.0 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/premium-servers-list-tracker/19796599?srank=270 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...
Joomla! Component LMS King Professional 3.2.4.0 - SQL Injection
Exploit Title: Joomla! Component LMS King Professional v3.2.4.0 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://king-products.net/ Software: https://extensions.joomla.org/extensions/extension/living/education-a-culture/lms-king-professional-for-joomla/ Demo:...
EDUMOD Pro 1.3 - SQL Injection
Exploit Title: School Management System | EDUMOD Pro v1.3 – SQL Injection Date: 02.08.2017 Vendor Homepage: https://codecanyon.net/item/school-management-system-edumod-pro/19764430?srank=288 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Applicatio...
Joomla! Component Ultimate Property Listing 1.0.2 - SQL Injection
Exploit Title: Joomla! Component Ultimate Property Listing v1.0.2 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : http://faboba.com/ Software: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/ultimate-property-listing/ Demo: http://demoupl.faboba.com/ Version:...
Entrepreneur B2B Script - 'pid' SQL Injection
Exploit Title: Entrepreneur B2B Script - 'pid' Parameter SQL Injection Date: 2017-08-02 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://readymadeb2bscript.com/ Version: All Version Exploit : http://site.com/path/productview1.php?pid=-99999+SQL+Comm...
Joomla! Component SIMGenealogy 2.1.5 - SQL Injection
Exploit Title: Joomla! Component SIMGenealogy v2.1.5 - SQL Injection Dork: N/A Date: 02.08.2017 Vendor : https://www.simbunch.com/ Software: https://extensions.joomla.org/extensions/extension/clients-a-communities/communities/simgenealogy/ Demo: https://www.simbunch.com/demos/simgenealogy Version...
Advantech SUSIAccess < 3.0 - 'RecoveryMgmt' File Upload
!/usr/bin/env ruby =begin Exploit Title: Advantech SUSIAccess RecoveryMgmt File Upload Date: 07/31/17 Exploit Author: james fitts Vendor Homepage: http://www.advantech.com/ Version: Advantech SUSIAccess = 3.0 Tested on: Windows 7 SP1 Relavant Advisories: ZDI-16-630 ZDI-16-628 CVE-2016-9349...
libmad 0.15.1b - 'mp3' Memory Corruption
libmad memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= libmad is a high-quality MPEG audio decoder capable of 24-bit output. Affected version: ===== 0.15.1b Vulnerability Description: ========================== the maddecoderrun functi...
VehicleWorkshop - Authentication Bypass
Type: Admin or Customer login bypass via SQL injection Author: Touhid M.Shaikh Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Mail: touhidshaikh22atgmaildotcom More info: https://blog.touhidshaikh.com/ ===================== PoC ================ Admin Login Page :...
Apple macOS/iOS - 'xpc_data' Objects Sandbox Escape Privilege Escalation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1247 When XPC serializes large xpcdata objects it creates mach memory entry ports to represent the memory region then transfers that region to the receiving process by sending a send right to the memory entry port in the underlying...
VehicleWorkshop - Arbitrary File Upload
Exploit Title: VehicleWorkshop Unrestricted File Upload or Shell Upload Exploit Author: Touhid M.Shaikh Date: 1/08/2017 Vendor Homepage: https://github.com/spiritson/VehicleWorkshop Tested on : Kali Linux 2.0 64 bit and Windows 7 =================== Vulnerable Page: ===================...
SOL.Connect ISET-mpp meter 1.2.4.2 - SQL Injection
Vulnerability type: SQL injection, leading to administrative access through authentication bypass. ----------------------------------- Product: SOL.Connect ISET-mpp meter ----------------------------------- Affected version: SOL.Connect ISET-mpp meter 1.2.4.2 and possibly earlier Vulnerable...
Advantech SUSIAccess < 3.0 - Directory Traversal / Information Disclosure (Metasploit)
require 'msf/core' class MetasploitModule 'Advantech SUSIAccess Server Directory Traversal Information Disclosure', 'Description' = %q This module exploits an information disclosure vulnerability found in Advantech SUSIAccess 'james fitts' , 'License' = MSFLICENSE, 'References' = 'CVE', '2016-934...
Solarwinds Kiwi Syslog 9.6.1.6 - Denial of Service
Exploit Title: Solarwinds Kiwi Syslog 9.6.1.6 - Remote Denial of Service Type Mismatch Date: 26/05/2017 Exploit Author: Guillaume Kaddouch Twitter: @gkweb76 Blog: https://networkfilter.blogspot.com GitHub: https://github.com/gkweb76/exploits Vendor Homepage: http://www.solarwinds.com/ Software...
JoySale 2.2.1 - Arbitrary File Upload
JoySale Arbitrary File Upload Exploit Title: JoySale Arbitrary File Upload Exploit Author: Mutlu Benmutlu Date: 1/08/2017 Vendor Homepage: http://www.hitasoft.com/product/joysale-advanced-classifieds-script/ Version: Joysale v2.2.1 latest Google Dork: "joysale-style.css" Tested on : MacOS Sierra...
libvorbis 1.3.5 - Multiple Vulnerabilities
libvorbis multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= The libvorbis package contains a general purpose audio and music encoding format. This is useful for creating encoding and playing decoding sound in an open patent free format. Affecte...
libao 1.2.0 - Denial of Service
libao memory corruption vulnerability ================ Author : qflb.wu =============== Introduction: ============= Libao is a cross-platform audio library that allows programs to output audio using a simple API on a wide variety of platforms. Affected version: ===== 1.2.0 Vulnerability...
Sound eXchange (SoX) 14.4.2 - Multiple Vulnerabilities
Sound eXchange SoX multiple vulnerabilities ================ Author : qflb.wu =============== Introduction: ============= SoX is a cross-platform Windows, Linux, MacOS X, etc. command line utility that can convert various formats of computer audio files in to other formats. It can also apply...
DivFix++ 0.34 - Denial of Service
DivFix++ denial of service vulnerability ================ Author : qflb.wu =============== Introduction: ============= DivFix++ is FREE AVI Video Fix & Preview program. Affected version: ===== v0.34 Vulnerability Description: ========================== the DivFixppCore::aviheaderfix function in...
Vorbis Tools oggenc 1.4.0 - '.wav' Denial of Service
vorbis-tools oggenc vulnerability ================ Author : qflb.wu =============== Introduction: ============= The Vorbis Tools package contains command-line tools useful for encoding, playing or editing files using the Ogg CODEC. Affected version: ===== 1.4.0 Vulnerability Description:...
Jenkins < 1.650 - Java Deserialization
import random import string from decimal import Decimal import requests from requests.exceptions import RequestException Exploit Title: Jenkins CVE-2016-0792 Deserialization Remote Exploit Google Dork: intitle: "Dashboard Jenkins" + "Manage Jenkins" Date: 30-07-2017 Exploit Author: Janusz Piechów...
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow
!/usr/bin/env python Exploit Title: DiskBoss Enterprise v8.2.14 Remote buffer overflow Date: 2017-07-30 Exploit Author: Ahmad Mahfouz Author Homepage: www.unixawy.com Vendor Homepage: http://www.diskboss.com/ Software Link: http://www.diskboss.com/setups/diskbossentsetupv8.2.14.exe Version: v8.2....