47904 matches found
Chevereto 3.13.4 Core - Remote Code Execution
Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Date: 2020-01-11 Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, = 3.13.4 Core Tested on: Ubuntu 19.10, PHP 7.3...
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
Exploit Title: Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2020-01-12 Vendor Homepage : https://advancedsystemrepair.com/ Software Link: http://advancedsystemrepair.com/ASRProInstaller.exe Tested on OS: Windows 10 Proof of Concept PoC:...
SpotDialup 1.6.7 - 'Name' Denial of Service (PoC)
Exploit Title: SpotDialup 1.6.7 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotdialupsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Allok Video Converter 4.6.1217 - Stack Overflow (SEH)
Exploit Title: Allok Video Converter 4.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link: https://www.alloksoft.com/allokvconverter.exe Version: 4.6.1217 Tested on: Windows 7 SP1 32-bit Copy paste the content...
SpotOutlook 1.2.6 - 'Name' Denial of Service (PoC)
Exploit Title: SpotOutlook 1.2.6 - 'Name' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotoutlooksetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
TaskCanvas 1.4.0 - 'Registration' Denial Of Service
Exploit Title: TaskCanvas 1.4.0 - 'Registration' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : https://www.digitalvolcano.co.uk/ Link Software : https://www.digitalvolcano.co.uk/taskcanvasdownload.html Tested on OS: Windows 10 CVE : N/A ''' Proof of...
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)
Exploit Title: Microsoft Windows 10 - Local Privilege Escalation UAC Bypass Author: Nassim Asrir Date: 2019-01-10 Exploit Author: Nassim Asrir CVE: N/A Tested On: Windows 10Pro 1809 Vendor : https://www.microsoft.com Technical Details I discovered a Local Privilege Escalation in Windows 10 UAC...
Backup Key Recovery 2.2.5 - 'Name' Denial of Service (PoC)
Exploit Title: Backup Key Recovery 2.2.5 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of...
Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC)
Exploit Title: Top Password Firefox Password Recovery 2.8 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/download/FirefoxPRSetup.exe Version: 2.8 Tested on: Windows 7 SP1 32-b...
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)
Exploit Title: Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link: https://www.alloksoft.com/allokrmconverter.exe Version: 3.6.1217 Tested on: Windows 7 SP1 32-bit Cop...
Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)
Exploit Title: Top Password Software Dialup Password Recovery 1.30 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/download/DialupPRSetup.exe Version: 1.30 Tested on: Windows 7...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
!/bin/bash Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway - CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash CVE-2019-19781.sh XX.XX.XX.XX 'uname -a' Release Date : 11/01/2020 Follow Us :...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
!/usr/bin/python3 Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 You only need a listener like netcat to catch the shell. Shout out to the team: Rob Simon, Justin Elze, Logan Sampson, Geoff Walton, Christopher Paschen, Kevin Haubris, Scott White Tool Written by: Rob Simon and David...
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
Exploit Title: PixelStor 5000 - Remote Code Execution Product: PixelStor 5000 Vendor: Rasilient Date: 2020-01-08 Exploit Author: .:UND3R:. Vendor Homepage: http://rasilient.com Version: K:4.0.1580-20150629 KDI Version Tested on: K:4.0.1580-20150629 KDI Version CVE: CVE-2020-6756 URL Author:...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CV...
Pandora 7.0NG - Remote Code Execution
Exploit Title: Pandora 7.0NG - Remote Code Execution Date: 2019-11-14 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2019-20224 Vendor Homepage: https://pandorafms.org/ Software link: https://pandorafms.org/features/free-download-monitoring-software/ Version: v7.0NG Tested on: CentOS 7.3 / PHP...
TotalAV 2020 4.14.31 - Privilege Escalation
Exploit Title: TotalAV 2020 4.14.31 - Privilege Escalation Date: 2020-01-09 Exploit Author: Kusol Watchara-Apanukorn Vendor Homepage: https://www.totalav.com/ Version: 4.14.31 Fixed on: 5.3.35 Tested on: Windows 10 x64 CVE : CVE-2019-18194 Vulnerability Description: TotalAV 2020 4.14.31 has...
MSN Password Recovery 1.30 - XML External Entity Injection
Exploit Title: MSN Password Recovery 1.30 - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2020-01-08 Vendor Homepage : https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe Tested on OS: Windows 10 + Exploit : PoC =================== 1...
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
Exploit Title: Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Date: 2020-01-08 Exploit Author: Waffles & Paveway3 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 Tested on: Windows CVE : CVE-2019-2729 SerialLogic.py...
ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service (PoC)
Exploit Title: ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service PoC Exploit Author : ZwX Exploit Date: 2020-01-08 Vendor Homepage : https://www.top-password.com/purchase.html Link Software : https://www.top-password.com/download/ZIPPRSetup.exe Tested on OS: Windows 10 Proof of Concept Po...
Codoforum 4.8.3 - 'input_txt' Persistent Cross-Site Scripting
Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on: Linux CVE : N/A...
Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape
Exploit Title: Tomcat proprietaryEvaluate 9.0.0.M1 - Sandbox Escape Date: 2020-01-07 Exploit Author: Harrison Neal, PatchAdvisor Vendor Homepage: https://tomcat.apache.org/ Software Link: https://archive.apache.org/dist/tomcat/tomcat-8/v8.0.36/bin/apache-tomcat-8.0.36.exe Version: 8.0.36...
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000, 7200-01-01-1642 Tested on: IBM AIX PPC CVE: CVE-2017-3623 EBBISLAND /...
ASTPP VoIP 4.0.1 - Remote Code Execution
Exploit Title: ASTPP VoIP 4.0.1 - Remote Code Execution Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor default setup script Tested on: Debian 9 - CentOS 7 CVE : - ASTPP...
Online Book Store 1.0 - Unauthenticated Remote Code Execution
Exploit Title: Online Book Store 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2020-01-07 Exploit Author: Tib3rius Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...
Cisco DCNM JBoss 10.4 - Credential Leakage
Exploit Title: Cisco DCNM JBoss 10.4 - Credential Leakage Date: 2020-01-06 Exploit Author: Harrison Neal Vendor Homepage: https://www.cisco.com/ Software Link: https://software.cisco.com/download/home/281722751/type/282088134/release/10.42 Version: 10.42 CVE: CVE-2019-15999 You'll need a few .jar...
JetBrains TeamCity 2018.2.4 - Remote Code Execution
Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads Version: 2018.2.4 for Windows CVE: CVE-2019-15039...
Microsoft Windows 10 (19H1 1901 x64) - 'ws2ifsl.sys' Use After Free Local Privilege Escalation (kASLR kCFG SMEP)
/ The exploit works on 19H1. It was tested with ntoskrnl version 10.0.18362.295 EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47935.zip / include include include include include include include pragma commentlib, "ntdll.lib" // run cmd.exe...
Complaint Management System 4.0 - Remote Code Execution
Exploit Title: Complaint Management System 4.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Description: There...
piSignage 2.6.4 - Directory Traversal
Exploit Title: piSignage 2.6.4 - Directory Traversal Date: 2019-11-13 Exploit Author: JunYeong Ko Vendor Homepage: https://pisignage.com/ Version: piSignage before 2.6.4 Tested on: piSignage before 2.6.4 CVE : CVE-2019-20354 Summary: The web application component of piSignage before 2.6.4 allows ...
Job Portal 1.0 - Remote Code Execution
Exploit Title: Job Portal 1.0 - Remote Code Execution Google Dork: N/A Date: 2020-01-03 Exploit Author: Tib3rius Vendor Homepage: https://phpgurukul.com/job-portal-project/ Software Link: https://phpgurukul.com/?smdprocessdownload=1&downloadid=7855 Version: 1.0 Tested on: Ubuntu 16.04 CVE: N/A...
AnyDesk 5.4.0 - Unquoted Service Path
Exploit Title: AnyDesk 5.4.0 - Unquoted Service Path Exploit Author: SajjadBnd Date: 2019-12-23 Vendor Homepage: http://anydesk.com Software Link: https://download.anydesk.com/AnyDesk.exe Version: Software Version 5.4.0 Tested on: Win10 x64 SERVICENAME: AnyDesk TYPE : 10 WIN32OWNPROCESS STARTTYPE...
Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service (PoC)
Exploit Title: Backup Key Recovery Recover Keys Crashed Hard Disk Drive 2.2.5 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested on OS...
NetworkSleuth 3.0.0.0 - 'Key' Denial of Service (PoC)
Exploit Title: NetworkSleuth 3.0.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concep...
IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting
Exploit Title: IBM RICOH Infoprint 1532 Printer - Persistent Cross-Site Scripting Date: 2020-01-02 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ibm.com/il-en Hardware Link: https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=AN&subtype=CA&htmlfid=897/ENUS105-476&appname=US...
Complaint Management System 4.0 - 'cid' SQL injection
Exploit Title: Complaint Management System 4.0 - 'cid' SQL injection Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/complaint-management-sytem/ Version: v4.0 Tested on: Windows 7 CVE : N/A Description: The...
Dnss Domain Name Search Software - 'Key' Denial of Service (PoC)
Exploit Title: Dnss Domain Name Search Software - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proo...
Dairy Farm Shop Management System 1.0 - 'username' SQL Injection
Exploit Title: Dairy Farm Shop Management System 1.0 - 'username' SQL Injection Google Dork: N/A Date: 2020-01-03 Exploit Author: Chris Inzinga Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/ Version: v1.0 Teste...
NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service
Exploit Title: NetShareWatcher 1.5.8.0 - 'Name' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Tested on OS: Windows 10 CVE : N/A '''...
RemShutdown 2.9.0.0 - 'Key' Denial of Service (PoC)
Exploit Title: RemShutdown 2.9.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept Po...
Dnss Domain Name Search Software - 'Name' Denial of Service (PoC)
Exploit Title: Dnss Domain Name Search Software - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Pro...
SpotMSN 2.4.6 - 'Name' Denial of Service (PoC)
Exploit Title: SpotMSN 2.4.6 - 'Name' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotmsnsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
SpotIM 2.2 - 'Name' Denial Of Service
Exploit Title: SpotIM 2.2 - 'Name' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotimsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Voyager 1.3.0 - Directory Traversal
Exploit Title: Voyager 1.3.0 - Directory Traversal Google Dork: N/A Date: January 2020-01-06 Exploit Author: NgoAnhDuc Vendor Homepage: https://voyager.devdojo.com/ Software...
Small CRM 2.0 - Authentication Bypass
Exploit Title: Small CRM 2.0 - Authentication Bypass Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/small-crm-php/ Version: V2.0 Tested on: Windows CVE : N/A Description: There is a SQL injection...
Duplicate Cleaner Pro 4 - Denial of Service (PoC)
Exploit Title: Duplicate Cleaner Pro 4 - Denial of Service PoC Date: 2020-01-05 Vendor Homepage:https://www.digitalvolcano.co.uk/index.html Software Link: https://www.digitalvolcano.co.uk/download/DuplicateCleanerPro4setup.exe Exploit Author: Achilles Tested Version: 4.1.3 Tested on: Windows 7 x6...
Subrion CMS 4.0.5 - Cross-Site Request Forgery (Add Admin)
Exploit Title: Subrion CMS 4.0.5 - Cross-Site Request Forgery Add Admin Date: 2020-01-05 Exploit Author: Ismail Tasdelen Vendor Homepage: https://intelliants.com/ Software Link : https://github.com/intelliants/subrion/releases/tag/v4.0.5 Software : Subrion CMS Product Version: v 4.0.5.10...
NBMonitor 1.6.6.0 - 'Key' Denial of Service (PoC)
Exploit Title: NBMonitor 1.6.6.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
SpotIE 2.9.5 - 'Key' Denial of Service (PoC)
Exploit Title: SpotIE 2.9.5 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotiesetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Hostel Management System 2.0 - 'id' SQL Injection
Exploit Title: Hostel Management System 2.0 - 'id' SQL Injection Google Dork: intitle: "Hostel management system" Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com Software Link: https://phpgurukul.com/hostel-management-system/ Version: v2.0 Tested on: Windows CVE...