47904 matches found
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
Cisco Catalyst 2960 IOS 12.255SE1 - 'ROCEM' Remote Code Execution. CVE-2017-3881. Remote exploit for Hardware platform !/usr/bin/python Author: Artem Kondratenko @artkond import socket import sys from time import sleep setcredless = True if lensys.argv 3: print sys.argv0 + ' host --set/--unset'...
Cisco Catalyst 2960 IOS 12.2(55)SE1 - 'ROCEM' Remote Code Execution
!/usr/bin/python Author: Artem Kondratenko @artkond import socket import sys from time import sleep setcredless = True if lensys.argv 3: print sys.argv0 + ' host --set/--unset' sys.exit elif sys.argv2 == '--unset': setcredless = False elif sys.argv2 == '--set': pass else: print sys.argv0 + ' host...
Solaris 7 < 11 (SPARC/x86) - 'EXTREMEPARR' dtappgather Privilege Escalation
!/bin/ksh Exploit PoC reverse engineered from EXTREMEPARR which provides local root on Solaris 7 - 11 x86 & SPARC. Uses a environment variable of setuid binary dtappgather to manipulate file permissions and create a user owned directory anywhere on the system as root. Can then add a shared object...
Cisco Catalyst 2960 IOS 12.2(55)SE11 - 'ROCEM' Remote Code Execution
!/usr/bin/python Exploit Title: Cisco Catalyst 2960 - Buffer Overflow Exploit Details: https://artkond.com/2017/04/10/cisco-catalyst-remote-code-execution/ Date: 04.10.2017 Exploit Author: https://twitter.com/artkond Vendor Homepage: https://www.cisco.com/ Version: IOS version...
MyClassifiedScript 5.1 - SQL Injection
Exploit Title: Classified Portal Software 5.1 - SQL Injection Google Dork: N/A Date: 11.04.2017 Vendor Homepage: http://www.myclassifiedscript.com/ Software: http://www.myclassifiedscript.com/demo.html Demo: http://www.clpage.com/ Version: 5.1 Tested on: Win7 x64, Kali Linux x64 Exploit Author:...
Apple WebKit - 'JSC::SymbolTableEntry::isWatchable' Heap Buffer Overflow
function x = 0 var a; function arguments function b var g = 1; a5; f; g; ; , unsigned int, unsigned int webkit/WebKitBuild/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0x15fcc73 4 0x10c2901ea in JSC::ScriptExecutable::...
Apple WebKit - 'Document::adoptNode' Use-After-Free
var s = document.body.appendChilddocument.createElement'script'; s.type = '0'; s.textContent = 'document.body.appendChildparent.i0'; var i0 = s.appendChilddocument.createElement'iframe'; s.type = ''; var f = document.body.appendChilddocument.createElement'iframe'; f.contentDocument.adoptNodei0;...
Apple WebKit / Safari 10.0.3 (12602.4.8) - Universal Cross-Site Scripting via a Focus Event and a Link Element
child = mfirstChild removeBetweennullptr, child-nextSibling, child; notifyChildNodeRemovedthis, child; If the location hash value is set, the page will give focus to the associated element. However, if there is a stylesheet that has not been loaded yet, the focusing will be delayed until the...
Brother MFC-J6520DW - Authentication Bypass / Password Change
ASCII hex -- md5 e.g. AuthCookie=c243a9ee18a9327bfd419f31e75e71c7 for 'test' password This information can be used to crack current password from exported cookie. Fix: Minimize network access to Brother MFC device or disable HTTPS interface. Confirmed vulnerable: MFC-J6973CDW MFC-J4420DW MFC-8710...
Horde Groupware Webmail 3/4/5 - Multiple Remote Code Executions
Source: https://blogs.securiteam.com/index.php/archives/3107 Vulnerabilities Summary The following advisory describes two 2 vulnerabilities found in Horde Groupware Webmail. Horde Groupware Webmail Edition is a free, enterprise ready, browser based communication suite. Users can read, send and...
Xen - Broken Check in 'memory_exchange()' Permits PV Guest Breakout
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1184 This bug report describes a vulnerability in memoryexchange that permits PV guest kernels to write to an arbitrary virtual address with hypervisor privileges. The vulnerability was introduced through a broken fix for...
MyBB smilie Module < 1.8.11 - 'pathfolder' Directory Traversal
Description: ============ product: MyBB Homepage: https://mybb.com/ vulnerable version: input'pathfolder'; Line 327 $dir = @opendirMYBBROOT.$path; if we input "pathfolder" to "../../bypass/smile",Directory Traversal success! ============ Fixed: ============ This vulnerability was fixed in version...
Apple WebKit - 'JSC::B3::Procedure::resetReachability' Use-After-Free
function for var i = 0; i 1000000; ++i const v = Array & 1 ? v : 1; typeof o = 'object'; ; !-- Asan Log: ================================================================= ==32191==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000099738 at pc 0x000106c7af16 bp 0x700006a57850 sp...
Proxifier for Mac 2.18 - Multiple Vulnerabilities
Source: https://www.securify.nl/advisory/SFY20170401/multiplelocalprivilegeescalationvulnerabilitiesinproxifierformac.html Abstract Multiple local privileges escalation vulnerabilities were found in the KLoader binary that ships with Proxifier. KLoader is responsible for loading a Kernel Extensio...
FAQ Script 3.1.3 - 'category_id' SQL Injection
Exploit Title: FAQ Script 3.1.3 - SQL Injection Google Dork: N/A Date: 11.04.2017 Vendor Homepage: http://www.phponly.com/ Software: http://www.phponly.com/faq.html Demo: http://www.phponly.com/demo/faq/ Version: 3.1.3 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan Author Web:...
Apple WebKit / Safari 10.0.3 (12602.4.8) - Synchronous Page Load Universal Cross-Site Scripting
URL scriptURL; URL url; if protocolIsJavaScripturlString scriptURL = completeURLurlString; // completeURL encodes the URL. url = blankURL; else url = completeURLurlString; if shouldConvertInvalidURLsToBlank && !url.isValid url = blankURL; Frame frame = loadOrRedirectSubframeownerElement, url,...
Social Directory Script 2.0 - SQL Injection
Exploit Title: Social Directory Script 2.0 - SQL Injection Google Dork: N/A Date: 11.04.2017 Vendor Homepage: http://www.phponly.com/ Software: http://www.phponly.com/Social-Directory.html Demo: http://www.phponly.com/demo/link/ Version: 2.0 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihs...
Proxifier for Mac 2.17/2.18 - Privesc Escalation
Source: https://m4.rkw.io/blog/cve20177643-local-root-privesc-in-proxifier-for-mac--218.html Proxifier 2.18 also 2.17 and possibly some earlier version ships with a KLoader binary which it installs suid root the first time Proxifier is run. This binary serves a single purpose which is to load and...
MyBB < 1.8.11 - 'email' MyCode Cross-Site Scripting
Description: ============ product:MyBB Homepage:https://mybb.com/ vulnerable version:1.8.11 Severity:High risk =============== Proof of Concept: ============= 1.post a thread or reply any thread ,write: email=2"onmouseover="alertdocument.locationhover me/email then when user’s mouse hover it,XSS...
WordPress Plugin Spider Event Calendar 1.5.51 - Blind SQL Injection
============================================= MGC ALERT 2017-003 - Original release date: April 06, 2017 - Last revised: April 10, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score ============================================= I. VULNERABILITY -----------------------...
Moxa MXview 2.8 - Private Key Disclosure
Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-REMOTE-PRIVATE-KEY-DISCLOSURE.txt + ISR: APPARITIONSEC Vendor: ============ www.moxa.com Product: =========== MXview V2.8 Download:...
Moxa MX AOPC-Server 1.5 - XML External Entity Injection
Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MX-AOPC-SERVER-v1.5-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product: ======================= MX-AOPC UA SERVER - 1.5 Moxa's MX-AOPC...
Moxa MXview 2.8 - Denial of Service
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOXA-MXVIEW-v2.8-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ============ www.moxa.com Product: =========== MXView v2.8 Download:...
Quest Privilege Manager 6.0.0 - Arbitrary File Write
!/usr/bin/env python2 """ Exploit Title: Quest Privilege Manager pmmasterd Arbitrary File Write Date: 10/Mar/2017 Exploit Author: m0t Vendor Homepage: https://www.quest.com/products/privilege-manager-for-unix/ Version: 6.0.0-27, 6.0.0-50 Tested on: ubuntu 14.04 x8664, ubuntu 16.04 x86, ubuntu 12....
Jobscript4Web 4.5 - Authentication Bypass
---------------- Title = Jobscript4Web 4.5 - Authentication Bypass Date = 8/4/2017 Soft = http://www.jobscript4web.com/index.html liVE Demo = http://www.simplejobs.co.in/soft4u --------------- AutHor = TurkCyberArmy --------------- Bizler Turk siber ordusu bunyesinde goreve basladik. Dosta guven...
Sony Playstation 4 (PS4) 3.50 < 4.07 - WebKit Code Execution (PoC)
PS4 4.0x Code Execution ============== This repo is my edit of the 4.0x webkit exploit released by qwertyoruiopz. The edit re-organizes, comments, and adds portability across 3.50 - 4.07 3.50, 3.55, 3.70, 4.00, and of course 4.06/4.07. The commenting and reorganization was mostly for my own...
Adobe (Multiple Products) - XML Injection File Content Disclosure
!/bin/bash Exploit Title: Adobe XML Injection file content disclosure Date: 07-04-2017 Exploit Author: Thomas Sluyter Website: https://www.kilala.nl Vendor Homepage: http://www.adobe.com/support/security/bulletins/apsb10-05.html Version: Multiple Adobe products Tested on: Windows Server 2003,...
WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting
alert1" !-- In a real attack, forms can be submitted automatically and spear-phishing attacks can be convincing. Mitigations ================ Disable the plugin until a new version is released that fixes this bug. Disclosure policy ================ dxw believes in responsible disclosure. Your...
QNAP TVS-663 QTS < 4.2.4 build 20170313 - Command Injection
QNAP QTS multiple RCE vulnerabilities ===================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt Overview -------- QNAP QTS firmware contains multiple Command Injection CWE-77 vulnerabilities...
e107 CMS 2.1.4 - Cross-Site Request Forgery
...
WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery
2.6 realease --...
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
====== Software: WordPress WHIZZ Version: active or disactive plugins: Mitigations ================ Disable the plugin until a new version is released that fixes this bug. FIX: ========== https://wordpress.org/plugins/whizz/ 1.1.1 changelog-Specifically...
Ladder System 6.0 - 'faqid' SQL Injection
Exploit Title: My Gaming Ladder System 6.0 - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: http://www.mygamingladder.com/ Software: http://www.mygamingladder.com/ladder.shtml Demo: http://www.ladder.tf2.co.za/ Version: 6.0 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihs...
Calendar Template 2.0 - 'editid1' SQL Injection
Exploit Title: Calendar v2.0 for ASPRunnerPro/PHPRunner/ASPRunner.NET. - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/templates/calendar/index.htm Demo: https://xlinesoft.com/livedemo/calendar/ Version: 2.0 Tested on: Win7...
Quiz Template 1.0 - 'testid' SQL Injection
Exploit Title: Quiz Template v1.0 for ASPRunnerPro/PHPRunner. - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/marketplace/productsview.php?editid1=2 Demo: https://xlinesoft.com/livedemo/quiz/ Version: 1.0 Tested on: Win7 x6...
My Gaming Ladder Combo System 7.5 - SQL Injection
Exploit Title: My Gaming Ladder Combo System 7.5 - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: http://www.mygamingladder.com/ Software: http://www.mygamingladder.com/demos.shtml Demo: http://www.mygamingladder.com/upgrade/combo/ Version: 7.5 Tested on: Win7 x64, Kali Linux x6...
Survey Template 1.1 - 'masterkey1' SQL Injection
Exploit Title: Survey Template v1.1 for ASPRunnerPro,PHPRunner. - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/marketplace/productsview.php?editid1=3 Demo: https://xlinesoft.com/livedemo/survey/ Version: 1.1 Tested on: Win...
Shopping Cart Template - 'item' SQL Injection
Exploit Title: Shopping Cart Template v1.0 for ASPRunnerPro/PHPRunner. - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/templates/shoppingcart/index.htm Demo: https://xlinesoft.com/livedemo/shopcart/ Version: 1.0 Tested on:...
Forum Template 1.0 - SQL Injection
Exploit Title: Forum Template v1.0 for ASPRunnerPro/PHPRunner/ASPRunner.NET. - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/marketplace/productsview.php?editid1=9 Demo: https://xlinesoft.com/livedemo/forum/ Version: 1.0...
Invoice Template - 'hash' SQL Injection
Exploit Title: Invoice Template v1.0 for PHPRunner/ASPRunnerPro/ASPRunner.NET. - SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/invoice Demo: https://xlinesoft.com/livedemo/invoice/livedemo1/ Version: 1.0 Tested on: Win7 x64...
Intellinet NFC-30IR Camera - Multiple Vulnerabilities
Bitcrack Cyber Security - BitLabs Advisory http://www.bitcrack.net Multiple Vulnerabilities in Intellinet NFC-30IR Network Cameras ADVISORY -------- Title: Local File Inclusion in CGI-SCRIPT & Hard-Coded Manufacturer Backdoor Advisory ID: BITL-17-001 Date published: 2017-04-05 Date of last update...
Document Management Template - 'hash' SQL Injection
Exploit Title: Document Management Template v1.0 for PHPRunner 8.x,ASPRunnerPro 9.x,ASPRunner.NET 8.x or better.- SQL Injection Google Dork: N/A Date: 07.04.2017 Vendor Homepage: https://xlinesoft.com/ Software: https://xlinesoft.com/docmanager Demo: https://xlinesoft.com/livedemo/docmanager/...
D-Link DWR-116 / DWR-116A1 - Arbitrary File Download
Title: D-Link DWR-116 Arbitrary File Download Vendor: D-Link www.dlink.com Affected models: DWR-116 / DWR-116A1 Tested on: V1.01EU, V1.00CPb10, V1.05AU CVE: CVE-2017-6190 Date: 04.07.2016 Author: Patryk Bogdan @patrykbogdan Description: D-Link DWR-116 with firmware before V1.05b09 suffers from...
Windows 10 x64 - Egghunter Shellcode (45 bytes)
Windows 10 x64 - Egghunter Shellcode 45 bytes. Shellcode exploit for Winx86-64 platform PUBLIC Win10egghunterx64 .code Win10egghunterx64 PROC start: push 7fh pop rdi ; RDI is nonvolatile, so it will be preserved after syscalls setup: inc rdi ; parameter 1 - lpAddress - counter mov r9b,40h ;...
Moodle 2.x/3.x - SQL Injection
Exploit: Moodle SQL Injection via Object Injection Through User Preferences Date: April 6th, 2017 Exploit Author: Marko Belzetski Contact: [email protected] Vendor Homepage: https://moodle.org/ Version: 3.2 to 3.2.1, 3.1 to 3.1.4, 3.0 to 3.0.8, 2.7.0 to 2.7.18 and other unsupported versio...
Cesanta Mongoose OS - Use-After-Free
COMPASS SECURITY ADVISORY https://www.compass-security.com/en/research/advisories/ Product: Mongoose OS Vendor: Cesanta CVE ID: CVE-2017-7185 CSNC ID: CSNC-2017-003 Subject: Use-after-free / Denial of Service Risk: Medium Effect: Remotely exploitable Authors: Philipp Promeuschel Carel van Rooyen...
Faveo Helpdesk Community 1.9.3 - Cross-Site Request Forgery
Exploit Title: CSRF / Privilege Escalation Manipulation of Role Agent to Admin on Faveo version Community 1.9.3 Google Dork: no Date: 05-April-2017 Exploit Author: @runggareksya, @yokoacc, @AdyWikradinata, @dickysofficial, @dvnrcy Vendor Homepage: http://www.faveohelpdesk.com/ Software Link:...
SpiceWorks 7.5 TFTP - Remote File Overwrite / Upload
Credits: John Page AKA HYP3RLINX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPICEWORKS-IMPROPER-ACCESS-CONTROL-FILE-OVERWRITE.txt + ISR: APPARITIONSEC Vendor: ================== www.spiceworks.com Product: ================= Spiceworks - 7.5 Provides...
Appointment Script - SQL Injection
Exploit Title: Doctors Appointment Script - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://appointment-script.com/ Software: http://appointment-script.com/demo Demo: http://appointment-script.com/demo Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Airbnb Crashpadder Clone Script - SQL Injection
Exploit Title: Airbnb Crashpadder Clone Script - SQL Injection Google Dork: N/A Date: 05.04.2017 Vendor Homepage: http://bimedia.info/ Software: http://bimedia.info/airbnb-premium-clone-script/ Demo: http://airbnb.clonedemo.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihs...