Cisco DCNM JBoss 10.4 - Credential Leakage

Exploit Title: Cisco DCNM JBoss 10.4 - Credential Leakage Date: 2020-01-06 Exploit Author: Harrison Neal Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/281722751/type/282088134/release/10.42 Version: 10.42 CVE: CVE-2019-15999 You'll need a few .jar...

Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape

Exploit Title: Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Date: 2020-01-07 Exploit Author: Harrison Neal, PatchAdvisor Vendor Homepage: https://tomcat.apache.org/ Software Link: https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.exe Version: 8.0.36...

JetBrains TeamCity 2018.2.4 - Remote Code Execution

Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads Version: 2018.2.4 for Windows CVE: CVE-2019-15039...

Online Book Store 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...

EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow

Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND /...

ASTPP VoIP 4.0.1 - Remote Code Execution

Exploit Title: ASTPP VoIP 4.0.1 - Remote Code Execution Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CVE : - ASTPP...

Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting

Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...

Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)

/ The exploit works on 19H1. It was tested with ntoskrnl version 10.0.18362.295 EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47935.zip / include include include include include include include pragma commentlib, "ntdll.lib" // run cmd.exe...

AnyDesk 5.4.0 - Unquoted Service Path

Exploit Title: AnyDesk 5.4.0 - Unquoted Service Path Exploit Author: SajjadBnd Date: 2019-12-23 Vendor Homepage: http://anydesk.com Software Link: https://download.anydesk.com/AnyDesk.exe Version: Software Version 5.4.0 Tested on: Win10 x64 SERVICENAME: AnyDesk TYPE : 10 WIN32OWNPROCESS STARTTYPE...

piSignage 2.6.4 - Directory Traversal

Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application component of piSignage before 2.6.4 allows ...

Job Portal 1.0 - Remote Code Execution

Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubuntu 16.04 CVE: N/A...

Complaint Management System 4.0 - Remote Code Execution

Exploit Title: Complaint Management System 4.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Description: There...

Codoforum 4.8.3 - Persistent Cross-Site Scripting

Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-03 Exploit Author: Prasanth c41m, Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on:...

Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)

Exploit Title: Subrion CMS 4.0.5 - Cross-Site Request Forgery Add Admin Date: 2020-01-05 Exploit Author: Ismail Tasdelen Vendor Homepage: https://intelliants.com/ Software Link : https://github.com/intelliants/subrion/releases/tag/v4.0.5 Software : Subrion CMS Product Version: v 4.0.5.10...

Complaint Management System 4.0 - 'cid' SQL injection

Exploit Title: Complaint Management System 4.0 - 'cid' SQL injection Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Tested on: Windows 7 CVE : N/A Description: The...

Office Product Key Finder 1.5.4 - Denial of Service (PoC)

Exploit Title: Office Product Key Finder 1.5.4 - Denial of Service PoC Date: 2020-01-06 Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/officeproductkeyfindersetup.exe Exploit Author: Gokkul Tested Version: v1.5.4 Tested on: Windows 7 x64 Software...

RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)

Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept...

BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)

Exploit Title: BlueAuditor 1.7.2.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/blueauditorsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept...

Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)

Exploit Title: Dnss Domain Name Search Software - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Pro...

RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)

Exploit Title: RemShutdown 2.9.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept Po...

Hostel Management System 2.0 - 'id' SQL Injection

Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Google Dork: intitle: "Hostel management system" Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-system/ Version: v2.0 Tested on: Windows CVE...

Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path

Exploit Title: Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-01-05 Vendor Homepage : http://webcompanion.com/ Link Software :...

Duplicate Cleaner Pro 4 - Denial of Service (PoC)

Exploit Title: Duplicate Cleaner Pro 4 - Denial of Service PoC Date: 2020-01-05 Vendor Homepage:https://www.digitalvolcano.co.uk/index.html Software Link: https://www.digitalvolcano.co.uk/download/DuplicateCleanerPro4setup.exe Exploit Author: Achilles Tested Version: 4.1.3 Tested on: Windows 7 x6...

ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)

Exploit Title: ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE :...

IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting

Exploit Title: IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Date: 2020-01-02 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ibm.com/il-en Hardware Link: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=AN&subtype=CA&htmlfid=897/ENUS105-476&appname=US...

Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)

Exploit Title: Dnss Domain Name Search Software - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proo...

NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service

Exploit Title: NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Tested on OS: Windows 10 CVE : N/A '''...

FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)

Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service PoC Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://www.ftpgetter.com/ Software Link: https://www.ftpgetter.com/ftpgetterprosetup.exe Version: v.5.97.0.223 Tested on: Windows 7 CVE : N/A...

SpotIM 2.2 - 'Name' Denial Of Service

Exploit Title: SpotIM 2.2 - 'Name' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotimsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...

SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)

Exploit Title: SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proo...

elaniin CMS 1.0 - Authentication Bypass

Exploit Title: elaniin CMS 1.0 - Authentication Bypass Author: riamloo Date: 2020-01-02 Vendor Homepage: https://elaniin.com/ github == https://github.com/elaniin/ Software Link: https://github.com/elaniin/CMS/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Discription: Open-source Conte...

NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)

Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concep...

SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)

Exploit Title: SpotDialup 1.6.7 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotdialupsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...

NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)

Exploit Title: NBMonitor 1.6.6.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...

NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)

Exploit Title: NetShareWatcher 1.5.8.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Tested on OS: Windows 10 CVE : N/A '''...

TextCrawler Pro3.1.1 - Denial of Service (PoC)

Exploit Title: TextCrawler Pro3.1.1 - Denial of Service PoC Date: 2020-05-01 Vendor Homepage:https://www.digitalvolcano.co.uk/index.html Software Link: https://www.digitalvolcano.co.uk/download/TextCrawlerPro=setup.exe Exploit Author: Achilles Tested Version: 3.1.1 Tested on: Windows 7 x64 1.- Ru...

SpotIE 2.9.5 - 'Key' Denial of Service (PoC)

Exploit Title: SpotIE 2.9.5 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotiesetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...

Voyager 1.3.0 - Directory Traversal

Exploit Title: Voyager 1.3.0 - Directory Traversal Google Dork: N/A Date: January 2020-01-06 Exploit Author: NgoAnhDuc Vendor Homepage: https://voyager.devdojo.com/ Software...

Microsoft Outlook VCF cards - Denial of Service (PoC)

Exploit Title: Microsoft Outlook VCF cards - Denial of Service PoC Date: 2020-01-04 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...

SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)

Exploit Title: SpotMSN 2.4.6 - 'Name' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotmsnsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...

Small CRM 2.0 - Authentication Bypass

Exploit Title: Small CRM 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: V2.0 Tested on: Windows CVE : N/A Description: There is a SQL injection...

Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)

Exploit Title: Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested on OS...

SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)

Exploit Title: SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof...

Dairy Farm Shop Management System 1.0 - 'username' SQL Injection

Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Google Dork: N/A Date: 2020-01-03 Exploit Author: Chris Inzinga Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Teste...

Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection

Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'kadiduz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...

Plantronics Hub 3.13.2 - Local Privilege Escalation

Exploit Title: Plantronics Hub 3.13.2 - Local Privilege Escalation Date: 2020-01-2 Exploit Author: Markus Krell - @MarkusKrell Vendor Homepage: https://support.polycom.com/content/dam/polycom-support/global/documentation/plantronics-hub-local-privilege-escalation-vulnerability.pdf Software Link:...

Online Course Registration 2.0 - Remote Code Execution

Exploit Title: Online Course Registration 2.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: v2.0 Category: Webapps Tested on: Xampp for Windows...

MSN Password Recovery 1.30 - Denial of Service (PoC)

Exploit Title: MSN Password Recovery 1.30 - Denial of Service PoC Date: 2020-01-02 Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe Exploit Author: Gokkulraj Tested Version: v1.30 Tested on: Windows 7 x64 1.- Download and install M...

Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation

// Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // - https://www.zerodayinitiative.com/blog/2019/12/19/privilege-escalation-via-the-core-shell-com-registrar-object // -...

Hospital Management System 4.0 - 'searchdata' SQL Injection

Exploit Title: Hospital Management System 4.0 - 'searchdata' SQL Injection Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Tested on: Windows CVE :...