Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path

Exploit Title: Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.disksorter.com Software Link: http://www.disksorter.com/setups/disksorterentsetupv12.4.16.exe Version: 12.4.16 Tested On: Windows 10...

Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path

Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.syncbreeze.com Software Link: http://www.syncbreeze.com/setups/syncbreezeentsetupv12.4.18.exe Version: 12.4.18 Tested On: Windows 10...

WordPress Plugin InfiniteWP - Client Authentication Bypass (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress InfiniteWP Client Authentication Bypass', 'Description' = %q This module exploits an authentication bypass in the WordPress InfiniteWP...

Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting

Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A Stored xss was found in Vanillaforum 2.6.3...

CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting

Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Google Dork: In Shodan search engine, the filter is "CHIYU" Date: 2020-02-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.chiyu-t.com.tw/en/ Version: BF430 232/485 TCP/IP Converter all versions prior to 1.16.00...

WordPress Plugin LearnDash LMS 3.1.2 - Reflective Cross-Site Scripting

Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Date: 2020-01-14 Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312 Exploit Author: Jinson Varghese Behanan Author Advisory:...

OpenSMTPD - MAIL FROM Remote Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenSMTPD MAIL FROM Remote Code Execution', 'Description' = %q This module exploits a command injection in the MAIL FROM field during SMTP...

Ricoh Driver - Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' class MetasploitModule 'Ricoh Driver Privilege Escalation', 'Description' = %q Various Ricoh printer drivers allow escalation of privilege...

Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting

Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security Version: Forcepoint Web Security 8.5 Tested on: Windows 7,10...

usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init

''' usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctploadaddressesfrominit function of usersctp that can lead to a number of out-of-bound reads. The input to sctploadaddressesfrominit is verified by calling...

Dota 2 7.23f - Denial of Service (PoC)

Exploit Title: Dota 2 7.23f - Denial of Service PoC Google Dork: N/A Date: 2020-02-05 Exploit Author: Bogdan Kurinnoy [email protected] bi7s Vendor Homepage: https://www.valvesoftware.com/en/ Software Link: N/A Version: 7.23f Tested on: Windows 10 x64 CVE : CVE-2020-7949 Valve Dota 2...

iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()

While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in IOAccelCommandQueue2::processSegmentKernelCommand are incorrect. The IOAccelKernelCommand contains an 8-byte header consistin...

Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow

Exploit Title: Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-09 Vendor Homepage : http://www.wedding-slideshow-studio.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to Reproduce: 1. Run the python exploit script, it will crea...

D-Link Devices - Unauthenticated Remote Command Execution in ssdpcgi (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'D-Link Devices Unauthenticated Remote Command Execution in ssdpcgi', 'Description' = %q D-Link Devices Unauthenticated Remote Command Execution i...

EyesOfNetwork 5.3 - Remote Code Execution

Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE : CVE-2020-8654, CVE-2020-8655, CVE-2020-8656...

QuickDate 1.3.2 - SQL Injection

Exploit Title: QuickDate 1.3.2 - SQL Injection Dork: N/A Date: 2020-02-07 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 X11; Linux x8664; rv:55.0...

VehicleWorkshop 1.0 - 'bookingid' SQL Injection

Exploit Title: VehicleWorkshop 1.0 - 'bookingid' SQL Injection Data: 2020-02-06 Exploit Author: Mehran Feizi Vendor HomagePage: https://github.com/spiritson/VehicleWorkshop Tested on: Windows Google Dork: N/A ========= Vulnerable Page: ========= /viewtestdrive.php ========== Vulnerable Source:...

Google Invisible RECAPTCHA 3 - Spoof Bypass

Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit Author: Matamorphosis Tested on: Windows and...

ExpertGPS 6.38 - XML External Entity Injection

Exploit Title: ExpertGPS 6.38 - XML External Entity Injection + Date: 2019-12-07 + Exploit Author: Trent Gordon + Vendor Homepage: https://www.topografix.com/ + Software Link: http://download.expertgps.com/SetupExpertGPS.exe + Disclosed at: 7FEB2020 + Version: 6.38 + Tested on: Windows 10 + CVE:...

PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection

Exploit Title: PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection Google Dork: intitle: "PackWeb Formap E-learning" Date: 2020-02-07 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.ediser.com/ Software Link: https://www.ediser.com/98517-formation-en-ligne Version: v1.0...

Windscribe - WindscribeService Named Pipe Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windscribe WindscribeService Named Pipe Privilege Escalation', 'Description' = %q The Windscribe VPN client application for Windows makes use of ...

Ecommerce Systempay 1.0 - Production KEY Brute Force

Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force Author: live3 Date: 2020-02-05 Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ Tested on: MacOs Version: ALL ?php / INFORMATION Exploit...

Online Job Portal 1.0 - Cross Site Request Forgery (Add User)

Exploit Title: Online Job Portal 1.0 - Cross Site Request Forgery Add User Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

VIM 8.2 - Denial of Service (PoC)

Exploit Title: VIM 8.2 - Denial of Service PoC Date: 2019-12-17 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...

ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path

Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-02-05 Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze PoC : ============== C:\Users\ZwXsc qc ETDService SC...

Cisco Data Center Network Manager 11.2 - Remote Code Execution

!/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Size: 1619.36 ...

RarmaRadio 2.72.4 - 'username' Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.4 - 'username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.4 Vulnerability Type: Denia...

AbsoluteTelnet 11.12 - "license name" Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Typ...

RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)

Exploit Title: RarmaRadio 2.72.4 - 'server' Denial of Service PoC Discovery by: chuyreds Discovery Date: 05-02-2020 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.4 Vulnerability Type: Denial ...

TapinRadio 2.12.3 - 'address' Denial of Service (PoC)

Exploit Title: TapinRadio 2.12.3 - 'address' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.12.3 Vulnerability Type:...

AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability...

AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC)

Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Typ...

Sudo 1.8.25p - 'pwfeedback' Buffer Overflow

!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag = "\x04\x00\x00\x00" . "\x00"x24;...

Cisco Data Center Network Manager 11.2.1 - 'LanFabricImpl' Command Injection

!/usr/bin/python """ Cisco Data Center Network Manager LanFabricImpl createLanFabric Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal servers - Release: 11.21 - Release Date: 05-Jun-2019 - FileName:...

Online Job Portal 1.0 - Remote Code Execution

Exploit Title: Online Job Portal 1.0 - Remote Code Execution Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

TapinRadio 2.12.3 - 'username' Denial of Service (PoC)

Exploit Title: TapinRadio 2.12.3 - 'username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.12.3 Vulnerability Type:...

Cisco Data Center Network Manager 11.2.1 - 'getVmHostData' SQL Injection

!/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Siz...

Online Job Portal 1.0 - 'user_email' SQL Injection

Exploit Title: Online Job Portal 1.0 - 'useremail' SQL Injection Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...

AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)

Exploit Title: AVideo Platform 8.1 - Cross Site Request Forgery Password Reset Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...

Socat 1.7.3.4 - Heap-Based Overflow (PoC)

Exploit Title: Socat 1.7.3.4 - Heap Based Overflow PoC Date: 2020-02-03 Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: http://www.dest-unreach.org/ Software Link: http://www.dest-unreach.org/socat/ Version: 1.7.3.4 Tested on: Ubuntu 16.04.6 LTS CVE : Heap-Based Overflow due to...

AVideo Platform 8.1 - Information Disclosure (User Enumeration)

Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...

HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account

Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d Tested on: Linux CVE: N/A References:...

xglance-bin 11.00 - Privilege Escalation

Exploit Title: xglance-bin 11.00 - Privilege Escalation Exploit Author: Robert Jaroszuk and Marco Ortisi RedTimmy Security Date: 2020-02-01 Tested on: RHEL 5.x/6.x/7.x/8.x CVE: CVE-2014-2630 Disclamer: This exploit is for educational purpose only More details on...

Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation

Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...

Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)

Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link : https://www.verodin.com/demo-request/demo-request-form Tested Versions...

Wago PFC200 - Authenticated Remote Code Execution (Metasploit)

Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution', 'Description' = %q The Wago PFC200 up to incl. Firmware 11 020835 is...

Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...

Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)

Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting the...

F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)

Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Date: 2020-01-30 Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference: https://blog.doyensec.com/2020/02/03/heap-exploit.html from pwn import import time...

Jira 8.3.4 - Information Disclosure (Username Enumeration)

Exploit Title: Jira 8.3.4 - Information Disclosure Username Enumeration Date: 2019-09-11 Exploit Author: Mufeed VH Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Version: 8.3.4 Tested on: Pop!OS 19.10 CVE : CVE-2019-8449 CVE-2019-8449 Exploit fo...