EyesOfNetwork (EON) 5.0 - SQL Injection
CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL requests. CVE ID: CVE-2017-6088 Access...
EyesOfNetwork (EON) 5.0 - Remote Code Execution
CVE-2017-6087 EON 5.0 Remote Code Execution Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. Remote Code Execution authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to execute arbitrary code. CVE ID: CVE-2017-6087 Access...
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to follow symlinks. The default since CVE-2010-0926 is that wide links are...
CouponPHP CMS 3.1 - 'code' SQL Injection
Exploit Title: CouponPHP Script v3.1 - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://couponphp.com/ Software: http://couponphp.com/demos Demo: http://newdemo2.couponphp.com Demo: http://newdemo3.couponphp.com Version: 3.1 Tested on: Win7 x64, Kali Linux x64 Exploit Autho...
Tour Package Booking 1.0 - SQL Injection
Exploit Title: Tour Package Booking v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: www.eaglescripts.com/tour-package-booking-script Demo: http://tourbooking.phpscriptsdemo.com/ Version: 1.0 Tested on: Win7 x64, Kali Linux x64 Exploit...
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
Exploit Title: D-Link DCS-936L network camera incomplete/weak CSRF protection vulnerability Date: 26/03/2017 Exploit Author: SlidingWindow, Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on DCS-936L with firmware...
Parcel Delivery Booking Script 1.0 - SQL Injection
Exploit Title: Parcel Delivery Booking Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/parcel-delivery-booking-script Demo: http://parceldelivery.phpscriptsdemo.com/ Version: 1.0 Tested on: Win7 x64,...
Microsoft Visual Studio 2015 update 3 - Denial of Service
Exploit Title: Microsoft Visual Studio 2015 update 3 - Stack overflow Date: 2017-03-26 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link: https://www.visualstudio.com/thank-you-downloading-visual-studio/?sku=Community&rel=15 Version: Visual Studio 2015...
Delux Same Day Delivery Script 1.0 - SQL Injection
Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo: http://deluxesameday.logistic-softwares.com/ Version: 1.0 Tested on: Win7 x64, Kali...
Just Another Video Script 1.4.3 - SQL Injection
Exploit Title: Just Another Video Script 1.4.3 - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://justanothervideoscript.com/ Software: http://justanothervideoscript.com/demo Demo: http://javsdemo.com/ Version: 1.4.3 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
B2B Marketplace Script 2.0 - SQL Injection
Exploit Title: B2B Marketplace Script v2.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://eaglescripts.com/php-b2b-marketplace-script-v2 Demo: http://demob2b.xyz/ Version: 2.0 Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
Hotel Booking Script 1.0 - SQL Injection
Exploit Title: Hotel & Tour Package Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/hotel-booking-script Demo: http://hotelbooking.phpscriptsdemo.com/ Version: 1.0 Tested on: Win7 x64, Kali Linux x64...
Alibaba Clone Script - SQL Injection
Exploit Title: Alibaba Clone Script - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://b2bbusinessdirectoryscript.com/alibaba-clone-script.html Demo: http://thealidemox.com Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author:...
Courier Tracking Software 6.0 - SQL Injection
Exploit Title: Courier Tracking Software v6.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/courier-tracking-software-ver-6 Demo: http://courierv6.couriersoftwares.com/ Version: 6.0 Tested on: Win7 x64, Kali Lin...
Php Real Estate Property Script - SQL Injection
Exploit Title: Real Estate Property Pro Script - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/php-property-portal-script Demo: http://realpro.phpscriptsdemo.com/ Version: Pro Tested on: Win7 x64, Kali Linux x64...
Adult Tube Video Script - SQL Injection
Exploit Title: Adult Tube Video Script - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://www.boysofts.com/ Software: http://www3.boysofts.com/xxx/freeadultvideotubescript.zip Demo: http://www.boysofts.com/2013/12/free-adult-tube-video-script.html Version: N/A Tested on: Wi...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation
Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x64 Post-Anniversary - ntoskrnl.exe: 10.0.14393.953 - FortiShield.sys: 5.2.3.633 Thanks to...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation
Check this out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf Tested on: - Windows 10 Pro x64 Pre-Anniversary - hal.dll: 10.0.10240.16384 - FortiShield.sys: 5.2.3.633 Thanks to master @ryujin and @ronin for helping out. / include include...
Linux/x86 - Reverse /bin/bash Shellcode (110 bytes)
Linux/x86 - Reverse /bin/bash Shellcode 110 bytes. Shellcode exploit for the Linux/x86 platform / ; File name: reversebash.nasm ; Author: Jasmin Landry @JR0ch17 ; Purpose: Shellcode that creates a reverse /bin/bash shell on port 54321 to IP address 192.168.3.119 ; To change ; Shellcode length: 110 bytes...
Miele Professional PG 8528 - Directory Traversal
Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS Base Score: 5.0 CVSS Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N...
Netgear WNR2000v5 - 'hidden_lang_avi' Remote Stack Overflow (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hidden_lang_avi Stack Overflow', 'Description' => %q The NETGEAR WNR2000 router h...
Logsign 4.4.2/4.4.137 - Remote Command Injection (Metasploit)
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' => %q This module exploits a command injection vulnerability in Logsign. By exploiting this...
Gr8 Tutorial Script - SQL Injection
Exploit Title: Gr8 Tutorial Script - SQL Injection Google Dork: N/A Date: 24.03.2017 Vendor Homepage: http://gr8script.com/ Software: http://gr8script.com/gr8tutorialscript.php Demo: http://www.gr8script.com/gr8tutorial/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Senca...
Gr8 Gallery Script - SQL Injection
Exploit Title: Gr8 Gallery Script - SQL Injection Google Dork: N/A Date: 24.03.2017 Vendor Homepage: http://gr8script.com/ Software: http://gr8script.com/gr8gallery.php Demo: http://www.gr8script.com/gr8gallery/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan Sencan Author...
A Red Teamer’s guide to pivoting
Penetration testers often traverse logical network boundaries in order to gain access to a client's critical infrastructure. Common scenarios include developing the attack into the internal network after a successful perimeter breach o...
Flippa Clone - SQL Injection
Exploit Title: Flippa Clone - SQL Injection Google Dork: N/A Date: 23.03.2017 Vendor Homepage: http://www.snobscript.com/ Software: http://www.snobscript.com/downloads/flippa-clone/ Demo: http://flippaportal.scriptfirm.com/ Version: N/A Tested on: Win7 x64, Kali Linux x64 Exploit Author: Ihsan...
EMC Replication Manager < 5.3 - Command Execution (Metasploit)
EMC Replication Manager 5.3 - Command Execution Metasploit. CVE-2011-0647. Local exploit for Windows platform...
wifirxpower - Local Buffer Overflow (PoC)
Title: wifirxpower - Local Stack Based Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendor: =============== https://github.com/cnlohr/wifirxpower Download:...
Disk Sorter Enterprise 9.5.12 - 'GET' Remote Buffer Overflow (SEH)
#!/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'GET' Remote buffer overflow SEH Date: 2017-03-22 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.disksorter.com Software Link:...
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Solare Datensysteme GmbH Solar-Log 250/300/500/800e/1000/1000 PM+/1200/2000 vulnerable version: Firmware 2.8.4-56 / 3.5.2-85 fixed...
SpyCamLizard 1.230 - Denial of Service
import socket import sys author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: SpyCamLizard SC liz v1.230 Remote Buffer Overflow ZeroDay Date: 2017.03.22 Exploit Author: Greg Priest Version: SpyCamLizard v1.230 Tested on: Windows7 x64 HUN/ENG...
GLink Word Link Script 1.2.3 - SQL Injection
Exploit Title: GLink Word Link Script v1.2.3 - SQL Injection Google Dork: N/A Date: 22.03.2017 Vendor Homepage: http://www.tufat.com/ Software: http://www.tufat.com/wp-content/uploads/sites/4/2015/zips/script131.zip Demo: http://www.tufat.com/glink-word-link-script/ Version: 1.2.3 Tested on: Win7...
Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection
Exploit Title: Joomla Modern Booking - SQL Injection Author: Hamed Izadi IRAN Vendor Homepage : https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/modern-booking/ Vendor Homepage : https://www.unikalus.com/ Category: Webapps Tested on: Ubuntu Versions: 1.0...
Linux Kernel 3.11 < 4.8.0 - 'SO_SNDBUFFORCE' / 'SO_RCVBUFFORCE' Local Privilege Escalation
// CAP_NET_ADMIN - root LPE exploit for CVE-2016-9793 // No KASLR, SMEP or SMAP bypass included // Affected kernels: 3.11 - 4.8 // Tested in QEMU only // https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793 // // Usage: // gcc -pthread exploit.c -o exploit // chown guest:guest exploit...
Joomla! Component Extra Search 2.2.8 - 'establename' SQL Injection
Exploit Title: Joomla! Component Extra Search v2.2.8 - SQL Injection Google Dork: N/A Date: 21.03.2017 Vendor Homepage: http://www.joomlaboat.com/ Software: http://www.joomlaboat.com/extra-search Demo: http://www.joomlaboat.com/ Version: 2.2.8 Tested on: Win7 x64, Kali Linux x64 Exploit Author:...
Microsoft Windows - Uniscribe Font Processing Out-of-Bounds Read in usp10!otlChainRuleSetTable::rule (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1019 We have encountered a crash in the Windows Uniscribe user-mode library, in the usp10!otlChainRuleSetTable::rule function, while trying to display text using a corrupted TTF font file: --- 4464.11b4: Access violation - code...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Read/Write in 'USP10!AssignGlyphTypes' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1023 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!AssignGlyphTypes function, while trying to display text using a corrupted font file: --- 58d0.5ae4: Access violation - code c0000005 first...
Microsoft Windows - Uniscribe Font Processing Heap Out-of-Bounds Write in 'USP10!UpdateGlyphFlags' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1028 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!UpdateGlyphFlags function, while trying to display text using a corrupted font file: --- 5268.3b50: Access violation - code c0000005 first...
Microsoft Color Management Module 'icm32.dll' - 'icm32!Fill_ushort_ELUTs_from_lut16Tag' Out-of-Bounds Read (MS17-013)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1052 We have encountered a crash in the Windows Color Management library icm32.dll, in the icm32!Fill_ushort_ELUTs_from_lut16Tag function, while trying to display a TIFF image with a malformed embedded color profile: --- 7c1c.93b0:...
Microsoft Windows Kernel - Registry Hive Loading Crashes in nt!nt!HvpGetBinMemAlloc / nt!ExpFindAndRemoveTagBigPages (MS17-017)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=993 We have encountered Windows kernel crashes in the internal nt!nt!HvpGetBinMemAlloc and nt!ExpFindAndRemoveTagBigPages functions while loading corrupted registry hive files. We believe both crashes to be caused by the same bug...
phplist 3.2.6 - SQL Injection
Introduction Affected Product: phplist 3.2.6 Fixed in: 3.3.1 Fixed Version Link: https://sourceforge.net/projects/phplist/files/phplist/3.3.1/phplist-3.3.1.zip/download Vendor Website: https://www.phplist.org/ Vulnerability Type: SQL Injection Remote Exploitable: Yes Reported to vendor:...
D-Link DGS-1510 - Multiple Vulnerabilities
================ get-user-info.py ================ import re import os.path import urllib2 import base64 import gzip import zlib from StringIO import StringIO from io import BytesIO def makerequests(): """Calls request functions sequentially.""" response = None responseText = None...
Microsoft Windows - Uniscribe Heap Out-of-Bounds Read in 'USP10!ScriptApplyLogicalWidth' Triggered via EMF (MS17-013)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1053 We have encountered a crash in the Windows Uniscribe user-mode library, in the USP10!ScriptApplyLogicalWidth function, while trying to display a malformed EMF file: --- 920c.9190: Access violation - code c0000005 first chance...
Joomla! Component JooCart 2.x - 'product_id' SQL Injection
Exploit Title: Joomla! Component JooCart Joomla OpenCart Integration v2.x - SQL Injection Google Dork: N/A Date: 20.03.2017 Vendor Homepage: http://soft-php.com Software: https://www.opencart.com/index.php?route=marketplace/extension/info&extensionid=4478 Demo: http://demo.soft-php.com Version: 2...
Google Nest Cam 5.2.1 - Buffer Overflow Conditions Over Bluetooth LE
Exploit Title: Google Nest Cam - Multiple Buffer Overflow Conditions Over Bluetooth LE Reported to Google: October 26, 2016 Public Disclosure: March 17, 2017 Exploit Author: Jason Doyle @jasondoyle Vendor Homepage: https://nest.com/ Affected: Dropcam, Dropcam Pro, Nest Cam Indoor/Outdoor models ...
Microsoft Internet Explorer 11 - 'textarea.defaultValue' Memory Disclosure (MS17-006)
function run() { var textarea = document.getElementById("textarea"); var frame = document.createElement("iframe"); textarea.appendChild(frame); frame.contentDocument.onreadystatechange = eventhandler; form.reset(); } function eventhandler() { document.getElementById("textarea").defaultValue = "foo"; alert("Text value...
Mozilla Firefox - 'table' Use-After-Free
body { display: table } function freememory() { try { fuzzPriv.forceGC(); } catch(err) { alert('Please install domFuzzLite3'); } } function go() { var s = document.getSelection(); window.find("1",true,false,true,false); s.modify("extend","forward","line"); document.body.append(document.createElement("table")); freememory(); uZ1CqnaASOkr...
Microsoft Windows - Uniscribe Font Processing Heap Memory Corruption in 'USP10!MergeLigRecords' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1026&desc=2 We have encountered a crash in the Windows Uniscribe user-mode library, in the memcpy function called by USP10!MergeLigRecords, while trying to display text using a corrupted font file: --- 2bd0.637c: Access violation -...
ExtraPuTTY 0.29-RC2 - Denial of Service
Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EXTRAPUTTY-TFTP-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================== www.extraputty.com Product: ====================== ExtraPuTTY - v029RC2 hash:...
Microsoft Windows - Uniscribe Font Processing Heap Buffer Overflow in 'USP10!ttoGetTableData' (MS17-011)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1027 We have encountered a crash in the Windows Uniscribe user-mode library, in an unnamed function called by USP10!ttoGetTableData, while trying to display text using a corrupted font file: --- 46ac.5f40: Access violation - code...