Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pandora FMS Ping Authenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability found in Pandora FMS 7.0NG and...

PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...

SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting

Title: SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: http://dropouts.in/ Software Link: https://apps.apple.com/us/app/super-backup-export-import/id1052684097 CVE: N/A Document Title: =============== SuperBackup v2.0.5 iOS - V...

AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting

Title: AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: http://www.app2pro.com Software Link: https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421 CVE: N/A Document Title: =============== AirDisk Pro v5.5.3 iOS -...

File Transfer iFamily 2.1 - Directory Traversal

Title: File Transfer iFamily 2.1 - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: http://www.dedecms.com/products/dedecms/downloads/ CVE: N/A Document Title: =============== File Transfer iFamily v2.1 - Directory Traversal Vulnerability References Source:...

SeedDMS 5.1.18 - Persistent Cross-Site Scripting

Title: SeedDMS 5.1.18 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.seeddms.org Software Link: https://www.seeddms.org/index.php?id=7 CVE: N/A Document Title: =============== SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities...

DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting

Title: DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor Link: http://www.dedecms.com Software Link: http://www.dedecms.com/products/dedecms/downloads/ CVE: N/A Document Title: =============== DedeCMS v7.5 SP2 - Multiple Persistent Web...

Xeroneit Library Management System 3.0 - 'category' SQL Injection

Exploit Title: Xeroneit Library Management System 3.0 - 'category' SQL Injection Google Dork: "LMS v3.0 - Xerone IT " Date: 2020-04-09 Exploit Author: Sohel Yousef jellyfish security team Software Link: https://xeroneit.net/portfolio/library-management-system-lms Software Demo...

BlazeDVD 7.0.2 - Buffer Overflow (SEH)

Exploit Title: BlazeDVD 7.0.2 - Buffer Overflow SEH Date: 2020-04-15 Exploit Author: areyou1or0 Software Link: http://www.blazevideo.com/dvd-player/free-dvd-player.html Version: 7.0.2 Tested on: Windows 7 Pro x86 !/usr/bin/python file = "exploit.plf" offset ="A"612-4 nseh = "\xeb\x1e\x90\x90" seh...

Pinger 1.0 - Remote Code Execution

Title: Pinger 1.0 - Remote Code Execution Date: 2020-04-13 Author: Milad Karimi Vendor Homepage: https://github.com/wcchandler/pinger Software Link: https://github.com/wcchandler/pinger Tested on: windows 10 , firefox Version: 1.0 CVE : N/A...

Macs Framework 1.14f CMS - Persistent Cross-Site Scripting

Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download CVE: N/A Document Title: =============== Macs Framework v1.14f CMS - Multiple Web Vulnerabilitie...

Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution

Exploit Title: Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Author: nu11secur1ty Date: 2020-03-31 Vendor: Oracle Software Link: https://download.oracle.com/otn/nt/middleware/12c/122140/fmw12.2.1.4.0wlsDisk11of1.zip Exploit link:...

Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution

Exploit Title: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution Date: 2020-04-13 Exploit Author: Wadeek Hardware Version: EW-7438RPn-v3 Mini Firmware Version: 1.23 / 1.27 Vendor Homepage:...

B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)

Exploit Title: B64dec 1.1.2 - Buffer Overflow SEH Overflow + Egg Hunter Date: 2020-04-13 Exploit Author: Andy Bowden Vendor Homepage: http://4mhz.de/b64dec.html Software Link: http://4mhz.de/download.php?file=b64dec-1-1-2.zip Version: Base64 Decoder 1.1.2 Tested on: Windows 10 x86 Instructions: R...

WSO2 3.1.0 - Persistent Cross-Site Scripting

Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Date: 2020-04-13 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700 Technical Details &...

Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)

Exploit Title: Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow SEH Exploit Author: Bobby Cooke Date: 2020-04-11 Vendor: Drive Software Company Vendor Site: http://www.drive-software.com Software Download: http://www.drive-software.com/download/freeclock.exe Tested On:...

Huawei HG630 2 Router - Authentication Bypass

Title: Huawei HG630 2 Router - Authentication Bypass Date: 2020-04-13 Author: Eslam Medhat Vendor Homepage: www.huawei.com Version: HG630 V2 HardwareVersion: VER.B CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of t...

Webtateas 2.0 - Arbitrary File Read

Exploit Title: Webtateas 2.0 - Arbitrary File Read Date: 2020-04-12 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: http://webtareas.sourceforge.net/general/home.php Software Link: http://webtareas.sourceforge.net/general/home.php Version:...

MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection

Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...

WSO2 3.1.0 - Arbitrary File Delete

Title: WSO2 3.1.0 - Arbitrary File Delete Date: 2020-04-12 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary File DeletePath traversal CVE not assign...

WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion

Exploit Title: Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion Google Dork: N/A Date: 2020-04-13 Exploit Author: Daniel Monzón stark0de Vendor Homepage: http://davidlingren.com/ Software Link: https://wordpress.org/plugins/media-library-assistant/ Version: 2.81 Tested on:...

TVT NVMS 1000 - Directory Traversal

Exploit Title: TVT NVMS 1000 - Directory Traversal Date: 2020-04-13 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html Original Author : Numan Türle CVE : CVE-2019-20085 import sys import reques...

Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal

Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal Date: 2020-04-10 Exploit Author: Basim Alabdullah Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Version: 3.10.1 Tested on: Debian8u2 Technical Details...

Windscribe 1.83 - 'WindscribeService' Unquoted Service Path

Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Date: 2020-04-10 Exploit Author: MgThuraMoeMyint Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Windows 10, version 1909 In windscribe v1.83 , there is a service via windscribe that every...

WordPress Plugin Helpful 2.4.11 - SQL Injection

Title: Helpful 2.4.11 Sql Injection - Wordpress Plugin Version : 2.4.11 Software Link : https://wordpress.org/plugins/helpful/ Date of found: 10.04.2019 Author: Numan Türle core/Core.class.php // Ajax requests: pro addaction 'wpajaxhelpfulajaxpro', array $this, 'helpfulajaxpro' ; // set args for...

AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-05-02 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability...

Django 3.0 - Cross-Site Request Forgery Token Bypass

Exploit Title: Django 3.0 - Cross-Site Request Forgery Token Bypass Date: 2020-04-08 Exploit Author: Spad Security Group Vendor Homepage: https://www.djangoproject.com/ Software Link: https://pypi.org/project/Django/ Version: 3.0 = Tested on: windows 10 Language: python3.8 t.me/SpadSec Spad...

Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)

Exploit Title: Amcrest Dahua NVR Camera IP2M-841 - Denial of Service PoC Date: 2020-04-07 Exploit Author: Jacob Baines Vendor Homepage: https://amcrest.com/ Software Link: https://amcrest.com/firmwaredownloads Version: Many different versions due to number of Dahua/Amcrest/etc devices affected...

dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)

Exploit Title: dnsmasq-utils 2.79-1 - 'dhcprelease' Denial of Service PoC Date: 2020-04-06 Exploit Author: Josue Encinar Software Link: https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1 Version: 2.79 Tested on: Ubuntu 18.04 from subprocess import Popen, PIPE data = "" bof = False for i in range...

ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)

Exploit Title: ZOC Terminal 7.25.5 - 'Script' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.emtec.com Software Link : http://www.emtec.com/downloads/zoc/zoc7255x64.exe Tested Version: 7.25.5 Vulnerability Type: Local Tested on OS: Windows 10...

UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service (PoC)

Exploit Title: UltraVNC Viewer 1.2.4.0 - 'VNCServer' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.uvnc.com/ Software Link : https://www.uvnc.com/component/jdownloads/send/0-/394-ultravnc-1240-x86-setup.html?Itemid=0 Tested Version: 1.2.4.0...

Microsoft NET USE win10 - Insufficient Authentication Logic

Title: Microsoft NET USE win10 - Insufficient Authentication Logic Date: 2020-04-04 Author: hyp3rlinx Vendor: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting

Title: WhatsApp Desktop 0.3.9308 - Persistent Cross-Site Scripting Date: 2020-01-21 Exploit Author: Gal Weizman Vendor Homepage: https://www.whatsapp.com Software Link: https://web.whatsapp.com/desktop/windows/release/x64/WhatsAppSetup.exe Software Link:...

Nsauditor 3.2.0.0 - 'Name' Denial of Service (PoC)

Exploit Title: Nsauditor 3.2.0.0 - 'Name' Denial of Service PoC Discovery by: 0xMoHassan Date: 2020-04-04 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.2.0.0 Vulnerability Type: Denial of Service DoS Local Tested o...

Memu Play 7.1.3 - Insecure Folder Permissions

Exploit Title: Memu Play 7.1.3 - Insecure Folder Permissions Discovery by: chuyreds Discovery Date: 2020-03-08 Vendor Homepage: https://www.memuplay.com/ Software Link : https://www.memuplay.com/download-en.php?filename=Memu-Setup&from=officialrelease Tested Version: 7.1.3 Vulnerability Type: Loc...

Product Key Explorer 4.2.2.0 - 'Key' Denial of Service (PoC)

Exploit Title: Product Key Explorer 4.2.2.0 - 'Key' Denial of Service PoC Discovery by: 0xMoHassan Date: 2020-04-04 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.2.0 Vulnerability Type: Denial of Service...

pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting

Exploit Title: pfSense 2.4.4-P3 - 'User Manager' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg Vendor Homepage: https://www.pfsense.org Version: PfSense 2.4.4-P3 Tested on: FreeBSD 11.2-RELEASE-p10 CVE : CVE-2020-11457 Vulnerability Details Description : A...

LimeSurvey 4.1.11 - 'File Manager' Path Traversal

Exploit Title: LimeSurvey 4.1.11 - 'File Manager' Path Traversal Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11455 Vulnerability Details Description : A path...

UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service (PoC)

Exploit Title: UltraVNC Launcher 1.2.4.0 - 'Password' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.uvnc.com/ Software Link : https://www.uvnc.com/component/jdownloads/send/0-/394-ultravnc-1240-x86-setup.html?Itemid=0 Tested Version: 1.2.4.0...

SpotAuditor 5.3.4 - 'Name' Denial of Service (PoC)

Exploit Title: SpotAuditor 5.3.4 - 'Name' Denial of Service PoC Exploit Author: 0xMoHassan Date: 2020-04-04 Vendor Homepage: https://www.spotauditor.com/ Software Link: http://www.nsauditor.com/downloads/spotauditorsetup.exe Tested Version: 5.3.4 Vulnerability Type: Denial of Service DoS Local...

Vesta Control Panel 0.9.8-26 - Authenticated Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Vesta Control Panel Authenticated Remote Code Execution", 'Description' = %q This module exploits command injection vulnerability in...

ZOC Terminal v7.25.5 - 'Private key file' Denial of Service (PoC)

Exploit Title: ZOC Terminal v7.25.5 - 'Private key file' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.emtec.com Software Link : http://www.emtec.com/downloads/zoc/zoc7255x64.exe Tested Version: 7.25.5 Vulnerability Type: Local Tested on OS:...

Bolt CMS 3.7.0 - Authenticated Remote Code Execution

Exploit Title: Bolt CMS 3.7.0 - Authenticated Remote Code Execution Date: 2020-04-05 Exploit Author: r3m0t3nu11 Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.x Tested on: Linux CVE : not-yet-0day !/usr/bin/python import requests import sys import...

LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting

Exploit Title: LimeSurvey 4.1.11 - 'Survey Groups' Persistent Cross-Site Scripting Date: 2020-04-02 Exploit Author: Matthew Aberegg, Michael Burkey Vendor Homepage: https://www.limesurvey.org Version: LimeSurvey 4.1.11+200316 Tested on: Ubuntu 18.04.4 CVE : CVE-2020-11456 Vulnerability Details...

Frigate 3.36 - Denial of Service (PoC)

Exploit Title: Frigate 3.36 - Denial of Service PoC Date: 2020-04-05 Exploit Author: inter Vendor Homepage: http://www.Frigate3.com/ Software Link Download: http://www.Frigate3.com/download/Frigate3Stdv36.exe Vulnerable Software: Firgate Version: 3.36 Vulnerability Type: Denial of Service DoS Loc...

Triologic Media Player 8 - '.m3l' Buffer Overflow (Unicode) (SEH)

Exploit Title: Triologic Media Player 8 - '.m3l' Buffer Overflow Unicode SEH Date: 2020-04-04 Author: Felipe Winsnes Software Link: http://download.cnet.com/Triologic-Media-Player/3000-21394-10691520.html Version: 8 Tested on: Windows 7 x86 Proof of Concept: 1.- Run the python script, it will...

UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service (PoC)

Exploit Title: UltraVNC Launcher 1.2.4.0 - 'RepeaterHost' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.uvnc.com/ Software Link : https://www.uvnc.com/component/jdownloads/send/0-/394-ultravnc-1240-x86-setup.html?Itemid=0 Tested Version:...

Pandora FMS 7.0NG - 'net_tools.php' Remote Code Execution

Exploit Title: Pandora FMS 7.0NG - 'nettools.php' Remote Code Execution Build: PC170324 - MR 0 Date: 2020-03-30 Exploit Author: Basim Alabdullah Vendor homepage: http://pandorafms.org/ Version: 7.0 Software link: https://pandorafms.org/features/free-download-monitoring-software/ Tested on: CentOS...

AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow (SEH)

Exploit Title: AIDA64 Engineer 6.20.5300 - 'Report File' filename Buffer Overflow SEH Date: 2020-04-02 Exploit Author: Hodorsec Version: v6.20.5300 Software Link: http://download.aida64.com/aida64engineer620.exe Vendor Homepage: https://www.aida64.com/products/aida64-engineer Tested on: Win7 x86...

DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow (PoC)

Exploit Title: DiskBoss 7.7.14 - 'Input Directory' Local Buffer Overflow PoC Vendor Homepage: https://www.diskboss.com/ Software Link Download: https://github.com/x00x00x00x00/diskboss7.7.14/raw/master/diskbosssetupv7.7.14.exe Exploit Author: Paras Bhatia Discovery Date: 2020-04-01 Vulnerable...