47904 matches found
Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path
Exploit Title: Adaware Web Companion 4.9.2159 - 'WCAssistantService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-01-05 Vendor Homepage : http://webcompanion.com/ Link Software :...
BlueAuditor 1.7.2.0 - 'Name' Denial of Service (PoC)
Exploit Title: BlueAuditor 1.7.2.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/blueauditorsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept...
Office Product Key Finder 1.5.4 - Denial of Service (PoC)
Exploit Title: Office Product Key Finder 1.5.4 - Denial of Service PoC Date: 2020-01-06 Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/officeproductkeyfindersetup.exe Exploit Author: Gokkul Tested Version: v1.5.4 Tested on: Windows 7 x64 Software...
SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service (PoC)
Exploit Title: SpotFTP FTP Password Recovery 3.0.0.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof...
TextCrawler Pro3.1.1 - Denial of Service (PoC)
Exploit Title: TextCrawler Pro3.1.1 - Denial of Service PoC Date: 2020-05-01 Vendor Homepage:https://www.digitalvolcano.co.uk/index.html Software Link: https://www.digitalvolcano.co.uk/download/TextCrawlerPro=setup.exe Exploit Author: Achilles Tested Version: 3.1.1 Tested on: Windows 7 x64 1.- Ru...
NetShareWatcher 1.5.8.0 - 'Key' Denial of Service (PoC)
Exploit Title: NetShareWatcher 1.5.8.0 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Tested on OS: Windows 10 CVE : N/A '''...
FTPGetter Professional 5.97.0.223 - Denial of Service (PoC)
Exploit Title: FTPGetter Professional 5.97.0.223 - Denial of Service PoC Google Dork: N/A Date: 2020-01-03 Exploit Author: FULLSHADE Vendor Homepage: https://www.ftpgetter.com/ Software Link: https://www.ftpgetter.com/ftpgetterprosetup.exe Version: v.5.97.0.223 Tested on: Windows 7 CVE : N/A...
SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service (PoC)
Exploit Title: SpotFTP FTP Password Recovery 3.0.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotftpsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proo...
elaniin CMS 1.0 - Authentication Bypass
Exploit Title: elaniin CMS 1.0 - Authentication Bypass Author: riamloo Date: 2020-01-02 Vendor Homepage: https://elaniin.com/ github == https://github.com/elaniin/ Software Link: https://github.com/elaniin/CMS/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Discription: Open-source Conte...
ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service (PoC)
Exploit Title: ShareAlarmPro Advanced Network Access Control - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/networksleuthsetup.exe Tested on OS: Windows 10 CVE :...
SpotDialup 1.6.7 - 'Key' Denial of Service (PoC)
Exploit Title: SpotDialup 1.6.7 - 'Key' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotdialupsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept PoC:...
Microsoft Outlook VCF cards - Denial of Service (PoC)
Exploit Title: Microsoft Outlook VCF cards - Denial of Service PoC Date: 2020-01-04 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Codoforum 4.8.3 - Persistent Cross-Site Scripting
Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-03 Exploit Author: Prasanth c41m, Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link: https://codoforum.com/buy Version: Codoforum 4.8.3 Tested on:...
RemShutdown 2.9.0.0 - 'Name' Denial of Service (PoC)
Exploit Title: RemShutdown 2.9.0.0 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/remshutdownsetup.exe Tested on OS: Windows 10 CVE : N/A ''' Proof of Concept...
Plantronics Hub 3.13.2 - Local Privilege Escalation
Exploit Title: Plantronics Hub 3.13.2 - Local Privilege Escalation Date: 2020-01-2 Exploit Author: Markus Krell - @MarkusKrell Vendor Homepage: https://support.polycom.com/content/dam/polycom-support/global/documentation/plantronics-hub-local-privilege-escalation-vulnerability.pdf Software Link:...
Karakuzu ERP Management Web 5.7.0 - 'k_adi_duz' SQL Injection
Exploit Title: Karakuzu ERP Management Web 5.7.0 - 'kadiduz' SQL Injection Discovery Date: 2019-09-20 Exploit Author: Hakan TAŞKÖPRÜ Vendor Homepage: http://karakuzu.info/ Effected Version = 5.7.0 Vulnerability 1: Unauthenticated SQL Injection ==================================================...
Online Course Registration 2.0 - Remote Code Execution
Exploit Title: Online Course Registration 2.0 - Remote Code Execution Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/online-course-registration-free-download/ Version: v2.0 Category: Webapps Tested on: Xampp for Windows...
Hospital Management System 4.0 - 'searchdata' SQL Injection
Exploit Title: Hospital Management System 4.0 - 'searchdata' SQL Injection Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Tested on: Windows CVE :...
MSN Password Recovery 1.30 - Denial of Service (PoC)
Exploit Title: MSN Password Recovery 1.30 - Denial of Service PoC Date: 2020-01-02 Vendor Homepage: https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe Exploit Author: Gokkulraj Tested Version: v1.30 Tested on: Windows 7 x64 1.- Download and install M...
Hospital Management System 4.0 - Persistent Cross-Site Scripting
Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Tested on: Windows CVE :...
BloodX 1.0 - Authentication Bypass
Exploit Title: BloodX 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-31 Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Discription: An standalone platform which lets...
Microsoft Windows - Shell COM Server Registrar Local Privilege Escalation
// Axel '0vercl0k' Souchet - December 28 2019 // References: // - Found by an anonymous researcher, written up by Simon '@HexKitchen' Zuckerbraun // - https://www.zerodayinitiative.com/blog/2019/12/19/privilege-escalation-via-the-core-shell-com-registrar-object // -...
Hospital Management System 4.0 - Authentication Bypass
Exploit Title: Hospital Management System 4.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/hospital-management-system-in-php/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows...
IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal Date: 2020-01-01 Exploit Author: Raif Berkay Dincel Vendor Homepage: ibm.com Software https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS107-295...
Shopping Portal ProVersion 3.0 - Authentication Bypass
Exploit Title: Shopping Portal ProVersion 3.0 - Authentication Bypass Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://phpgurukul.com/ Software Link: https://phpgurukul.com/shopping-portal-free-download/ Version: v4.0 Category: Webapps Tested on: Xampp for Windows Descriptio...
Microsoft Windows .Group File - Code Execution
Exploit Title: Microsoft Windows .Group File - Code Execution Date: 2020-01-01 Exploit Author: hyp3rlinx Vendor Homepage: www.microsoft.com Version: 1.9.6 Tested on: Windows CVE : N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
nostromo 1.9.6 - Remote Code Execution
Exploit Title: nostromo 1.9.6 - Remote Code Execution Date: 2019-12-31 Exploit Author: Kr0ff Vendor Homepage: Software Link: http://www.nazgul.ch/dev/nostromo-1.9.6.tar.gz Version: 1.9.6 Tested on: Debian CVE : CVE-2019-16278 cve201916278.py !/usr/bin/env python import sys import socket art = """...
WordPress Plugin Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass
Exploit Title: Wordpress Ultimate Addons for Beaver Builder 1.2.4.1 - Authentication Bypass Date: 2019-12-21 Exploit Authors: Raphael Karger & Nathan Hrncirik Vendor Homepage: https://www.ultimatebeaver.com/ Version: Ultimate Addons for Beaver Builder | || | |/| / /| / //\ | /|//|||| / / / /...
NextVPN v4.10 - Insecure File Permissions
Exploit Title: NextVPN v4.10 - Insecure File Permissions Date: 2019-12-23 Exploit Author: SajjadBnd Contact: [email protected] Vendor Homepage: https://vm3max.site Software Link:http://dl.spacevm.com/NextVPNSetup-v4.10.exe Version: 4.10 Tested on: Win10 Professional x64 Description The NextVPN...
Sony Playstation 4 (PS4) < 6.72 - WebKit Code Execution (PoC)
/ badhoist ============ Exploit implementation of CVE-2018-4386. Obtains addrof/fakeobj and arbitrary read/write primitives. Supports PS4 consoles on 6.XX. May also work on older firmware versions, but I am not sure. Bug was fixed in firmware 7.00. EDB Note Download:...
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
Exploit: MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: Emmanuel Product web page: https://github.com/empierre/MyDomoAtHome https://www.domoticz.com/wiki/ImperiHome https://docs.imperihome.com/app/iss Affected version: 0.2.40...
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link : https://www.office.xerox.com/en-us/multifunction-printers/workcentre-7800-series Software : Xerox Printer...
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
Exploit Title: Heatmiser Netmonitor 3.03 - Hardcoded Credentials Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software: Netmonitor v3.03 Product Version: Netmonitor...
AVE DOMINAplus 1.10.x - Authentication Bypass
Exploit: AVE DOMINAplus 1.10.x - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5549 Advisory URL:...
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
Exploit: HomeAutomation 3.3.2 - Persistent Cross-Site Scripting Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5556 Advisor...
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
Exploit Title: XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-19 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link : https://www.office.xerox.com/en-us/multifunction-printers/workcentre-7800-series/ Software : Xerox Printer...
Thrive Smart Home 1.1 - Authentication Bypass
Exploit: Thrive Smart Home 1.1 - Authentication Bypass Date: 2019-12-30 Author: LiquidWorm Vendor: Thrive Product web page: http://www.thrivesmarthomes.com Affected version: 1.1 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5554 Advisory URL:...
FTP Navigator 8.03 - Stack Overflow (SEH)
Exploit Title: FTP Navigator 8.03 - Stack Overflow SEH Date: December 28th, 2019 Exploit Author: boku Discovered by: Chris Inzinga Original DoS: FTP Navigator 8.03 - 'Custom Command' Denial of Service SEH Original DoS Link: https://www.exploit-db.com/exploits/47794 Software Vendor:...
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
Exploit: WEMS BEMS 21.3.1 - Undocumented Backdoor Account Date: 2019-12-30 Author: LiquidWorm Vendor: WEMS Limited Product web page: https://www.wems.co.uk Advisory ID: ZSL-2019-5552 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5552.php WEMS BEMS 21.3.1 Undocumented Backdo...
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
Exploit: AVE DOMINAplus 1.10.x - Cross-Site Request Forgery enable/disable alarm Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5547 Advisory URL:...
AVE DOMINAplus 1.10.x - Credential Disclosure
Exploit: AVE DOMINAplus 1.10.x - Credential Disclosure Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5550 Advisory URL:...
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
Exploit: AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot Date: 2019-12-30 Author: LiquidWorm Vendor: AVE S.p.A. Product web page: https://www.ave.it | https://www.domoticaplus.it Affected version: Web Server Code 53AB-WBS - 1.10.62 Advisory ID: ZSL-2019-5548 Advisory URL:...
Heatmiser Netmonitor 3.03 - HTML Injection
Exploit Title: Heatmiser Netmonitor 3.03 - HTML Injection Date: 2019-12-22 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.heatmiser.com/en/ Hardware Link: https://www.zoneregeling.nl/heatmiser/netmonitor-handleiding.pdf Software: Netmonitor v3.03 Product Version: Netmonitor v3.03...
Domain Quester Pro 6.02 - Stack Overflow (SEH)
Exploit Title: Domain Quester Pro 6.02 - Stack Overflow SEH Date: 2019-12-26 Exploit Author: boku Software Vendor: http://www.internet-soft.com/ Software Link: http://www.internet-soft.com/DEMO/questerprosetup.exe Version: Version 6.02 Tested on: Microsoft Windows 7 Enterprise - 6.1.7601 Service...
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
Exploit: FreeBSD-SA-19:15.mqueuefs - Privilege Escalation Author: Karsten König of Secfault Security Date: 2019-12-30 Change line 719 to choose which vulnerability is targeted libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper Exploit for FreeBSD-SA-19:15.mqueuefs and...
FreeBSD-SA-19:02.fd - Privilege Escalation
Exploit: FreeBSD-SA-19:02.fd - Privilege Escalation Date: 2019-12-30 Author: Karsten König of Secfault Security Twitter: @gr4yf0x Kudos: Maik, greg and Dirk for discussion and inspiration CVE: CVE-2019-5596 libmap.conf primitive inspired by kcope's 2005 exploit for Qpopper !/bin/sh echo "+ Root...
RICOH Web Image Monitor 1.09 - HTML Injection
Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/ptop010.html Software: RICOH Web Image Monitor Product Version:...
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
Exploit Title: AVS Audio Converter 9.1.2.600 - Stack Overflow PoC Date: December 2019-12-28 Exploit Author: boku Original DoS: https://www.exploit-db.com/exploits/47788 Original DoS Author: ZwX Software Vendor: http://www.avs4you.com/ Software Link: http://www.avs4you.com/avs-audio-converter.aspx...
HomeAutomation 3.3.2 - Remote Code Execution
Exploit: HomeAutomation 3.3.2 - Remote Code Execution Date: 2019-12-30 Author: LiquidWorm Vendor: Tom Rosenback and Daniel Malmgren Product web page: http://karpero.mine.nu/ha/ Affected version: 3.3.2 Tested on: Apache/2.4.41 centos OpenSSL/1.0.2k-fips Advisory ID: ZSL-2019-5560 Advisory URL:...
Wing FTP Server 6.0.7 - Unquoted Service Path
Exploit Title: Wing FTP Server 6.0.7 - Unquoted Service Path Date: 2019-12-30 Exploit Author: Nawaf Alkeraithe Vendor Homepage: https://www.wftpserver.com/ Version: 6.0.7 Tested on: Windows 10 CVE : N/A PoC: C:\Users\usersc qc "Wing FTP Server" SC QueryServiceConfig SUCCESS SERVICENAME: Wing FTP...