47904 matches found
Sony Playstation 4 (PS4) < 7.02 - 'ValidationMessage::buildBubbleTree()' Use-After-Free WebKit Code Execution (PoC)
const OFFSETELEMENTREFCOUNT = 0x10; const OFFSETJSABVIEWVECTOR = 0x10; const OFFSETJSABVIEWLENGTH = 0x18; const OFFSETLENGTHSTRINGIMPL = 0x04; const OFFSETHTMLELEMENTREFCOUNT = 0x14; const LENGTHARRAYBUFFER = 0x8; const LENGTHSTRINGIMPL = 0x14; const LENGTHJSVIEW = 0x20; const...
Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting
Exploit Title: Grav CMS 1.6.30 Admin Plugin 1.9.18 - 'Page Title' Persistent Cross-Site Scripting Date: 13-12-2020 Exploit Author: Sagar Banwa Vendor Homepage: https://getgrav.org/ Software Link: https://getgrav.org/downloads Version: Grav v1.6.30 - Admin v1.9.18 Tested on: Windows 10/Kali Linux...
GitLab 11.4.7 - Remote Code Execution (Authenticated)
Exploit Title: GitLab 11.4.7 Authenticated Remote Code Execution No Interaction Required Date: 15th December 2020 Exploit Author: Mohin Paramasivam Shad0wQu35t Software Link: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested on...
Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal (2)
Exploit Title: Cisco ASA 9.14.1.10 and FTD 6.6.0.1 - Path Traversal 2 Date: 12 Dec 2020 Exploit Author: [email protected] Vendor Homepage: cisco.com Software Link: It’s against Hardware, specifically ASA’s and FTD’s Version: ASAs from version 9.6 to 9.14.1.10 and FTD’s versions 6.2.3 to...
libbabl 0.1.62 - Broken Double Free Detection (PoC)
Exploit Title: libbabl 0.1.62 - Broken Double Free Detection PoC Date: December 14, 2020 Exploit Author: Carter Yagemann Vendor Homepage: https://www.gegl.org Software Link: https://www.gegl.org/babl/ Version: libbabl 0.1.62 and newer Tested on: Debian Buster Linux 4.19.0-9-amd64 Compile: gcc...
Online Marriage Registration System (OMRS) 1.0 - Remote Code Execution (2)
Exploit Title: Online Marriage Registration System OMRS 1.0 - Remote Code Execution Authenticated Google Dork: N/A Date: 2020-14-12 Exploit Author: Andrea Bruschi - www.andreabruschi.net Vendor Homepage: https://phpgurukul.com/ Software Link:...
Solaris SunSSH 11.0 x86 - libpam Remote Root
Exploit Title: Solaris SunSSH 11.0 x86 - libpam Remote Root Exploit Author: Hacker Fantastic Vendor Homepage: https://www.oracle.com/solaris/technologies/solaris11-overview.html Version: 11 Tested on: SunOS solaris 5.11 11.0 / SunSSH Solaris 10-11.0 x86 libpam remote root exploit CVE-2020-14871...
Task Management System 1.0 - 'page' Local File Inclusion
Exploit Title: Task Management System 1.0 - 'page' Local File Inclusion Exploit Author: İsmail BOZKURT Date: 2020-12-15 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection
Exploit Title: LibreNMS 1.46 - MAC Accounting Graph Authenticated SQL Injection Google Dork: Unknown Date: 13-12-2020 Exploit Author: Hodorsec Vendor Homepage: https://www.librenms.org Software Link: https://github.com/librenms/librenms Update notice:...
Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS
Exploit Title: Jenkins 2.235.3 - 'X-Forwarded-For' Stored XSS Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: '. To understand how remote build trigger works, have a look at this post:...
Seacms 11.1 - 'checkuser' Stored XSS
Exploit Title: Seacms 11.1 - 'checkuser' Stored XSS Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 POST /SEACMS111/5f9js3/adminsafe.php?action=setting HTTP/1.1 Host: 192.168.137.139 User-Agent: Mozilla/5.0 Windows N...
Seacms 11.1 - 'ip and weburl' Remote Command Execution
Exploit Title: Seacms 11.1 - 'ip and weburl' Remote Command Execution Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 POST /SeaCMS111/5f9js3/adminip.php?action=set HTTP/1.1 Host: 192.168.137.139 User-Agent: Mozilla/5...
MiniWeb HTTP Server 0.8.19 - Buffer Overflow (PoC)
Exploit Title: MiniWeb HTTP Server 0.8.19 - Buffer Overflow PoC Date: 13.12.2020 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://sourceforge.net/projects/miniweb/ Software Link:...
Rukovoditel 2.6.1 - Cross-Site Request Forgery (Change password)
Exploit Title: Rukovoditel 2.6.1 - Cross-Site Request Forgery Change password Date: 2020-12-14 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 Tested on: Kali Linux...
Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation
Exploit Title: Macally WIFISD2-2A82 2.000.010 - Guest to Root Privilege Escalation Date: 03.12.2020 Exploit Author: Maximilian Barz and Daniel Schwendner Vendor Homepage: https://us.macally.com/products/wifisd2 Version: 2.000.010 Tested on: Kali Linux 5.7.0-kali1-amd64 CVE : CVE-2020-29669...
Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS
Exploit Title: Rumble Mail Server 0.51.3135 - 'domain and path' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135...
GitLab 11.4.7 - Remote Code Execution (Authenticated) (1)
Exploit Title: Gitlab 11.4.7 - Remote Code Execution Date: 14-12-2020 Exploit Author: Fortunato Lodari fox at thebrain dot net, foxlox Vendor Homepage: https://about.gitlab.com/ POC: https://liveoverflow.com/gitlab-11-4-7-remote-code-execution-real-world-ctf-2018/ Tested On: Debian 10 +...
Rumble Mail Server 0.51.3135 - 'servername' Stored XSS
Exploit Title: Rumble Mail Server 0.51.3135 - 'servername' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Tested...
Rumble Mail Server 0.51.3135 - 'username' Stored XSS
Exploit Title: Rumble Mail Server 0.51.3135 - 'username' Stored XSS Date: 2020-9-3 Exploit Author: Mohammed Alshehri Vendor Homepage: http://rumble.sf.net/ Software Link: https://sourceforge.net/projects/rumble/files/Windows%20binaries/rumble0.51.3135-setup.exe Version: Version 0.51.3135 Tested o...
Seacms 11.1 - 'file' Local File Inclusion
Exploit Title: Seacms 11.1 - 'file' Local File Inclusion Date: 20201212 Exploit Author: j5s Vendor Homepage: https://www.seacms.net/ Software Link: https://www.seacms.net/ Version: 11.1 GET /SEACMS111/5f9js3/adminsafe.php?action=download&file=C:/windows/system.ini HTTP/1.1 Host: 192.168.137.139...
System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path
Exploit Title: System Explorer 7.0.0 - 'SystemExplorerHelpService' Unquoted Service Path Date: 2020-10-14 Exploit Author: Mohammed Alshehri Vendor Homepage: http://systemexplorer.net/ Software Link: http://systemexplorer.net/download/SystemExplorerSetup.exe Version: Version 7.0.0 Tested on:...
WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download
Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...
Supply Chain Management System - Auth Bypass SQL Injection
Exploit Title: Supply Chain Management System - Auth Bypass SQL Injection Date: 2020-12-11 Exploit Author: Piyush Malviya Vendor Homepage: https://www.sourcecodester.com/php/14619/supply-chain-management-system-phpmysqli-full-source-code.html Software Link:...
Rukovoditel 2.6.1 - RCE (1)
Exploit Title: Rukovoditel 2.6.1 - RCE Date: 2020-06-11 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c1010 Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php Version: v2.6.1 CVE: CVE-2020-11819 set -e function usage echo...
Jenkins 2.235.3 - 'Description' Stored XSS
Exploit Title: Jenkins 2.235.3 - 'Description' Stored XSS Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: = 2.251 and = LTS 2.235.3 Tested on: any CVE : CVE-2020-2230 References:...
Openfire 4.6.0 - 'groupchatJID' Stored XSS
Exploit Title: Openfire 4.6.0 - 'groupchatJID' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host:...
Openfire 4.6.0 - 'sql' Stored XSS
Exploit Title: Openfire 4.6.0 - 'sql' Stored XSS Date: 20201211 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/dbaccess/db-access.jsp HTTP/1.1 Host: 192.168.137.137:9090...
Openfire 4.6.0 - 'users' Stored XSS
Exploit Title: Openfire 4.6.0 - 'users' Stored XSS Date: 2020/12/11 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/bookmarks/create-bookmark.jsp HTTP/1.1 Host: 192.168.137.137:90...
Courier Management System 1.0 - 'ref_no' SQL Injection
Exploit Title: Courier Management System 1.0 - 'refno' SQL Injection Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Courier Management System 1.0 - 'MULTIPART street ((custom) ' SQL Injection
Exploit Title: Courier Management System 1.0 - 'MULTIPART street ' SQL Injection Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Courier Management System 1.0 - 'First Name' Stored XSS
Exploit Title: Courier Management System 1.0 - 'First Name' Stored XSS Exploit Author: Zhaiyi Zeo Date: 2020-12-11 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Dolibarr 12.0.3 - SQLi to RCE
Exploit Title: Dolibarr 12.0.3 - SQLi to RCE Date: 2/12/2020 Exploit Author: coiffeur Write Up: https://therealcoiffeur.github.io/c10010, https://therealcoiffeur.github.io/c10011 Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads.php,...
Medical Center Portal Management System 1.0 - Multiple Stored XSS
Exploit Title: Medical Center Portal Management System 1.0 - Multiple Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-10 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14594/medical-center-portal-management-system.html Software Link:...
Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting
Exploit Title: Jenkins 2.235.3 - 'tooltip' Stored Cross-Site Scripting Date: 11/12/2020 Exploit Author: gx1 Vendor Homepage: https://www.jenkins.io/ Software Link: https://updates.jenkins-ci.org/download/war/ Version: = 2.251 and = LTS 2.235.3 Tested on: any CVE : CVE-2020-2229 References:...
WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting
Exploit Title: WordPress Plugin Popup Builder 3.69.6 - Multiple Stored Cross Site Scripting Date: 11/27/2020 Exploit Author: Ilca Lucian Florin Vendor Homepage: https://sygnoos.com Software Link: https://wordpress.org/plugins/popup-builder/ / https://popup-builder.com/ Version: = 3.69.6 Tested on...
Library Management System 2.0 - Auth Bypass SQL Injection
Exploit Title: Library Management System 2.0 - Auth Bypass SQL Injection Date: 2020-12-09 Exploit Author: Manish Solanki Vendor Homepage: https://www.sourcecodester.com/php/6849/library-management-system.html Software Link:...
OpenCart 3.0.3.6 - Cross Site Request Forgery
Exploit Title: OpenCart 3.0.3.6 - Cross Site Request Forgery Date: 12-11-2020 Exploit Author: Mahendra Purbia Mah3Sec Vendor Homepage: https://www.opencart.com Software Link: https://www.opencart.com/index.php?route=cms/download Version: OpenCart CMS - 3.0.3.6 Tested on: Kali Linux Description:...
Openfire 4.6.0 - 'path' Stored XSS
Exploit Title: Openfire 4.6.0 - 'path' Stored XSS Date: 20201209 Exploit Author: j5s Vendor Homepage: https://github.com/igniterealtime/Openfire Software Link: https://www.igniterealtime.org/downloads/ Version: 4.6.0 POST /plugins/nodejs/nodejs.jsp HTTP/1.1 Host: 192.168.137.137:9090 User-Agent:...
Barcodes generator 1.0 - 'name' Stored Cross Site Scripting
Exploit Title: Barcodes generator 1.0 - 'name' Stored Cross Site Scripting Date: 10/12/2020 Exploit Author: Nikhil Kumar Vendor Homepage: http://egavilanmedia.com/ Software Link: http://egavilanmedia.com/barcodes-generator-using-php-mysql-and-jsbarcode-library/ Version: 1.0 Tested On: Ubuntu 1...
PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path
Exploit Title: PDF Complete 3.5.310.2002 - 'pdfsvc.exe' Unquoted Service Path Discovery by: Zaira Alquicira Discovery Date: 2020-12-10 Vendor Homepage: https://pdf-complete.informer.com/3.5/ Tested Version: 3.5.310.2002 Vulnerability Type: Unquoted Service Path Tested on OS: Windows 10 Pro x64 es...
Task Management System 1.0 - 'id' SQL Injection
Exploit Title: Task Management System 1.0 - 'id' SQL Injection Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
Exploit Title: Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Lin...
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
Exploit Title: Task Management System 1.0 - 'First Name and Last Name' Stored XSS Exploit Author: Saeed Bala Ahmed r0b0tG4nG Date: 2020-12-08 Google Dork: N/A Vendor Homepage: https://www.sourcecodester.com/php/14615/task-management-system-using-phpmysqli-source-code.html Software Link:...
VestaCP 0.9.8-26 - 'backup' Information Disclosure
Exploit Title: VestaCP 0.9.8-26 - 'backup' Information Disclosure Date: 2020-11-25 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - Insufficient Session...
Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption
Exploit Title: Tibco ObfuscationEngine 5.11 - Fixed Key Password Decryption Date: December 8th 2020 Exploit Author: Tess Sluijter Vendor Homepage: https://www.tibco.com Version: 5.11x and before Tested on: MacOS, Linux, Windows Tibco password decryption exploit Background Tibco's documentation...
VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation
Exploit Title: VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation Date: 2020-11-26 Exploit Author: Vulnerability-Lab Vendor Homepage: https://vestacp.com/ Software Link: https://vestacp.com/install/ Version: 0.9.8-26 Document Title: =============== VestaCP v0.9.8-26 - LoginAs Token...
Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow (SEH)
Exploit Title: Dup Scout Enterprise 10.0.18 - 'sid' Remote Buffer Overflow SEH Date: 2020-12-08 Exploit Author: Andrés Roldán Vendor Homepage: http://www.dupscout.com Software Link: http://www.dupscout.com/downloads.html Version: 10.0.18 Tested on: Windows 10 Pro x64 !/usr/bin/env python3 import...
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
Exploit Title: Huawei HedEx Lite 200R006C00SPC005 - Path Traversal Date: 2020-11-24 Exploit Author: Vulnerability-Lab Vendor Homepage: https://www.huawei.com/ Software Link: https://support.huawei.com/carrier/docview!docview?nid=SCL1000005027&path=PAN-ET/PAN-T/PAN-T-HedEx Version: 200R006C00SPC00...
SmarterMail Build 6985 - Remote Code Execution
Exploit Title: SmarterMail Build 6985 - Remote Code Execution Exploit Author: 1F98D Original Author: Soroush Dalili Date: 10 May 2020 Vendor Hompage: re CVE: CVE-2019-7214 Tested on: Windows 10 x64 References:...
Online Bus Ticket Reservation 1.0 - SQL Injection
Exploit Title: Online Bus Ticket Reservation 1.0 - SQL Injection Date: 2020-12-07 Exploit Author: Sakshi Sharma Vendor Homepage: https://www.sourcecodester.com/php/5012/online-bus-ticket-reservation-using-phpmysql.html Software Link:...