Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)

Exploit Title: Xerox AltaLink C8035 Printer - Cross-Site Request Forgery Add Admin Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.xerox.com/ Hardware Link : https://www.office.xerox.com/en-us/multifunction-printers/altalink-c8000-series Software : Xerox Printer...

macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()

The XNU function waitfornamespaceevent in bsd/vfs/vfssyscalls.c releases a file descriptor for use by userspace but may then subsequently destroy that file descriptor using fpfree, which unconditionally frees the fileproc and fileglob. This opens up a race window during which the process could...

XnView 2.49.1 - 'Research' Denial of Service (PoC)

Exploit Title: XnView 2.49.1 - 'Research' Denial of Service PoC Exploit Author : ZwX Exploit Date: 2019-12-17 Vendor Homepage : http://www.xnview.com Link Software : https://www.xnview.com/fr/xnview/downloads Tested on OS: Windows 7 ''' Proof of Concept PoC: ======================= 1.Download and...

Telerik UI - Remote Code Execution via Insecure Deserialization

See the full write-up at Bishop Fox, CVE-2019-18935: https://know.bishopfox.com/research/cve-2019-18935-remote-code-execution-in-telerik-ui, for a complete walkthrough of vulnerability and exploit details for this issue along with patching instructions. Install git clone...

Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)

Exploit Title: Tautulli 2.1.9 - Cross-Site Request Forgery ShutDown Date: 2018-12-17 Exploit Author: Ismail Tasdelen Vendor Homepage: https://tautulli.com/ Software : https://github.com/Tautulli/Tautulli Product Version: v2.1.9 Platform: Windows 10 10.0.18362 Python Version: 2.7.11...

NopCommerce 4.2.0 - Privilege Escalation

Vulnerability Title: NopCommerce 4.2.0 - Privilege Escalation Author: Alessandro Magnosi d3adc0de Date: 2019-07-07 Vendor Homepage: https://www.nopcommerce.com/ Software Link : https://www.nopcommerce.com/ Tested Version: 4.2.0 Vulnerability Type: Privilege Escalation Tested on OS: Windows 10,...

WordPress Core < 5.3.x - 'xmlrpc.php' Denial of Service

!/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries: prefix = "system.multicall" suffix = "" request = prefix...

Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting

Exploit Title: Zendesk App SweetHawk Survey 1.6 - Persistent Cross-Site Scripting Date: 2019-12-17 Exploit Author: MTK Vendor Homepage: https://sweethawk.co/zendesk/survey-app Software Link: https://www.zendesk.com/apps/support/survey/ Version: Up to v1.6 Tested on: Zendesk - Firefox/Windows...

Netgear R6400 - Remote Code Execution

Exploit Title: Netgear R6400 - Remote Code Execution Date: 2019-12-14 Exploit Author: Kevin Randall CVE: CVE-2016-6277 Vendor Homepage: https://www.netgear.com/ Category: Hardware Version: V1.0.7.21.1.93 PoC !/usr/bin/python import urllib2 IPADDR = "192.168.1.1" PROTOCOL = "http://" DIRECTORY =...

D-Link DIR-615 - Privilege Escalation

Exploit Title: D-Link DIR-615 - Privilege Escalation Date: 2019-12-10 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmware Version: 20.07 Tested on: Windows 10 an...

Linux 5.3 - Privilege Escalation via io_uring Offload of sendmsg() onto Kernel Thread with Kernel Creds

Since commit 0fa03c624d8f "iouring: add support for sendmsg", first in v5.3, iouring has support for asynchronously calling sendmsg. Unprivileged userspace tasks can submit IORINGOPSENDMSG submission queue entries, which cause sendmsg to be called either in syscall context in the original task, o...

D-Link DIR-615 Wireless Router  -  Persistent Cross-Site Scripting

Exploit Title: D-Link DIR-615 Wireless Router - Persistent Cross-Site Scripting Date: 2019-12-13 Exploit Author: Sanyam Chawla Vendor Homepage: http://www.dlink.co.in Category: Hardware Wi-fi Router Hardware Link: http://www.dlink.co.in/products/?pid=678 Hardware Version: T1 Firmware Version:...

Roxy Fileman 1.4.5 - Directory Traversal

Exploit Title: Roxy Fileman 1.4.5 - Directory Traversal Author: Patrik Lantz Date: 2019-12-06 Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-net CVE: CVE-2019-19731 Tested on: ASP.NET 4.0.30319 and...

OpenBSD 6.x - Dynamic Loader Privilege Escalation

Qualys Security Advisory Local Privilege Escalation in OpenBSD's dynamic loader CVE-2019-19726 ============================================================================== Contents ============================================================================== Summary Analysis Demonstration...

NVMS 1000 - Directory Traversal

Title: NVMS-1000 - Directory Traversal Date: 2019-12-12 Author: Numan Türle Vendor Homepage: http://en.tvt.net.cn/ Version : N/A Software Link : http://en.tvt.net.cn/products/188.html POC --------- GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1 Host: 12.0.0.1 Accept:...

FTP Commander Pro 8.03 - Local Stack Overflow

Exploit Title: FTP Commander Pro 8.03 - Local Stack Overflow Date: 2019-12-12 Exploit Author: boku Discovered by: UNNON Original DoS: FTP Commander 8.02 - Overwrite SEH Original DoS Link: https://www.exploit-db.com/exploits/37810 Software Vendor: http://www.internet-soft.com/ Software Link:...

ManageEngine Desktop Central - 'FileStorage getChartImage' Deserialization / Unauthenticated Remote Code Execution

!/usr/bin/python3 """ ManageEngine Desktop Central FileStorage getChartImage Deserialization of Untrusted Data Remote Code Execution Vulnerability Download: https://www.manageengine.com/products/desktop-central/download-free.html File ...: ManageEngineDesktopCentral64bit.exe SHA1 ...:...

OpenNetAdmin 18.1.1 - Command Injection Exploit (Metasploit)

class MetasploitModule 'OpenNetAdmin Ping Command Injection', 'Description' = %q This module exploits a command injection in OpenNetAdmin between 8.5.14 and 18.1.1. , 'Author' = 'mattpascoe', Vulnerability discovery 'Onur ER ' Metasploit module , 'References' = 'EDB', '47691' , 'DisclosureDate' =...

Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service (PoC)

Exploit Title: Lenovo Power Management Driver 1.67.17.48 - 'pmdrvs.sys' Denial of Service PoC Date: 2019-12-11 Exploit Author: Nassim Asrir CVE: CVE-2019-6192 Tested On: Windows 1064bit | ThinkPad T470p Vendor : https://www.lenovo.com/us/en/ Ref :...

Bullwark Momentum Series JAWS 1.0 - Directory Traversal

Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Date: 2019-12-11 Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link : http://www.bullwark.net/Kategoriler.aspx?KategoriID=24 POC --------- GET...

Product Key Explorer 4.2.0.0 - 'Key' Denial of Service (PoC)

Exploit Title: Product Key Explorer 4.2.0.0 - 'Key' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service...

AppXSvc 17763 - Arbitrary File Overwrite (DoS)

Exploit Title: AppXSvc 17763 - Arbitrary File Overwrite DoS Date: 2019-10-28 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested on: Windows 10 Version 1809 for x64-based Systems CVE: CVE-2019-1476 Summary: AppXSvc...

Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=707779e0...

Product Key Explorer 4.2.0.0 - 'Name' Denial of Service (POC)

Exploit Title: Product Key Explorer 4.2.0.0 - 'Name' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Tested Version: 4.2.0.0 Vulnerability Type: Denial of Service...

Apache Olingo OData 4.0 - XML External Entity Injection

COMPASS SECURITY ADVISORY https://www.compass-security.com/research/advisories/ Product: Apache Olingo OData 4.0 Vendor: Apache Foundation CSNC ID: CSNC-2009-025 CVE ID: CVE-2019-17554 Subject: XML External Entity Resolution XXE Risk: High Effect: Remotely exploitable Author: Archibald Haddock...

Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution

Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Remote Command Execution Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x Advisory ID: ZSL-2019-55...

Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery

Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Unauthenticated Server-Side Request Forgery Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Version: 6.x...

Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials

Exploit Title: Inim Electronics Smartliving SmartLAN 6.x - Hard-coded Credentials Exploit Author: LiquidWorm Date: 2019-12-09 Product web page: https://www.inim.biz Link: https://www.inim.biz/en/antintrusion-control-panels/home-automation/control-panel-smartliving? Advisory ID: ZSL-2019-5546...

Omron PLC 1.0.0 - Denial of Service (PoC)

Exploit Title: Omron PLC 1.0.0 - Denial of Service PoC Google Dork: n/a Date: 2019-12-06 Exploit Author: n0b0dy Vendor Homepage: https://automation.omron.com, ia.omron.com Software Link: n/a Version: 1.0.0 Tested on: PLC f/w rev.: CJ2M v2.01 CWE-412 : Unrestricted Externally Accessible Lock CVE :...

Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting

Exploit Title: Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://snipeitapp.com/ Software Link: https://github.com/snipe/snipe-it/releases/tag/v4.7.5 Version: 4.7.5 Category: Webapps Tested on: Xamp...

Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution

Exploit Title: Yachtcontrol Webapplication 1.0 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2019-12-06 Exploit Author: Hodorsec Vendor Homepage: http://www.yachtcontrol.nl/en/ Version: 1.0 Software Link: http://download.yachtcontrol.nl/klant/Software/ &...

Alcatel-Lucent Omnivista 8770 - Remote Code Execution

Exploit Title: Alcatel-Lucent Omnivista 8770 - Remote Code Execution Google Dork: inurl:php-bin/webclient.php Date: 2019-12-01 Author: 0x1911 Vendor Homepage: https://www.al-enterprise.com/ Software Link:...

SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow (SEH)

Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Date: 2019-12-06 Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested...

PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass

Exploit Title: PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass Date: 2019-12-08 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.websitem.biz/hazir-site/pro-7070-hazir-mobil-tablet-uyumlu-web-sitesi Tested on: Kali Linux Version: 1.0 CVE: N/A ----- PoC:...

Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting

Exploit Title : Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting Exploit Author : omurugur Software link: https://www.oracle.com/tr/applications/siebel/ Effective version : Oracle Siebel Sales 8.1 CVE: N/A Examples Request; POST /salesADMINtrk/start.swe HTTP/1.1 Content-Type:...

Microsoft Windows - Multiple UAC Protection Bypasses

Windows 10 UAC bypass for all executable files which are autoelevate true. https://heynowyouseeme.blogspot.com/2019/08/windows-10-lpe-uac-bypass-in-windows.html Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47753.zip...

Mozilla FireFox (Windows 10 x64) - Full Chain Client Side Attack

// Axel '0vercl0k' Souchet - November 19 2019 // EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47752.zip // 0:000 ? xul!sAutomationPrefIsSet - xul // Evaluate expression: 85724947 = 00000000051c0f13 const XulsAutomationPrefIsSet = 0x051c0f13n;...

Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow

Exploit Title: Integard Pro NoJs 2.2.0.9026 - Remote Buffer Overflow Date: 2019-09-22 Exploit Author: purpl3f0xsecur1ty Vendor Homepage: https://www.tucows.com/ Software Link: http://www.tucows.com/preview/519612/Integard-Home Version: Pro 2.2.0.9026 / Home 2.0.0.9021 Tested on: Windows XP / Win7...

Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite

Exploit Title: Trend Micro Deep Security Agent 11 - Arbitrary File Overwrite Exploit Author : Peter Lapp Exploit Date: 2019-12-05 Vendor Homepage : https://www.trendmicro.com/enus/business.html Link Software : https://help.deepsecurity.trendmicro.com/software.html?regs=NABU&prodid=1716 Tested on...

Verot 2.0.3 - Remote Code Execution

Exploit Title: Verot 2.0.3 - Remote Code Execution Date: 2019-12-05 Exploit Author: Jinny Ramsmark Vendor Homepage: https://www.verot.net/phpclassupload.htm Software Link: https://github.com/verot/class.upload.php Version: '; $quality = "85"; $baseurl = "http://lorempixel.com"; echo "-=Imagejpeg...

NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path

Exploit Title: NETGATE Data Backup 3.0.620 - 'NGDatBckpSrv' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-12-04 Vendor Homepage : http://www.netgate.sk/ Link Software : http://www.netgate.sk/download/download.php?id=5 Tested on OS: Windows 7 Analyze PoC : ==============...

Amiti Antivirus 25.0.640 - Unquoted Service Path

Exploit Title: Amiti Antivirus 25.0.640 - Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-12-04 Vendor Homepage : http://www.netgate.sk/ Link Software : https://www.netgate.sk/download/download.php?id=11 Tested on OS: Windows 7 Analyze PoC : ============== C:\Users\ZwXsc qc...

Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution

Title: Broadcom CA Privilged Access Manager 2.8.2 - Remote Command Execution Author: Peter Lapp Date: 2019-12-05 Vendor: https://techdocs.broadcom.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html CVE: CVE-2018-9021 an...

OwnCloud 8.1.8 - Username Disclosure

Exploit Title: OwnCloud 8.1.8 - Username Disclosure Exploit Author : Daniel Moreno Exploit Date: 2019-11-29 Vendor Homepage : https://owncloud.org/ Link Software : https://ftp.icm.edu.pl/packages/owncloud/ old version. Download at your own risk Tested on OS: CentOS PoC: 1. Create an account in...

Microsoft Visual Basic 2010 Express - XML External Entity Injection

Exploit Title: Microsoft Visual Basic 2010 Express - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2019-12-03 Version Software : 10.0.30319.1 RTMRel Vendor Homepage : https://www.microsoft.com/ Software Link:...

SSDWLAB 6.1 - Authentication Bypass

Exploit Title: SSDWLAB 6.1 - Authentication Bypass Date: 2019-10-01 Exploit Author: Luis Buendía exoticpayloads Vendor Homepage: http://www.sbpsoftware.com/ Version: 6.1 Tested on: IIS 7.5 CVE : Pending Description: By injection on the SOAP function in the EditUserPassword function, it is possibl...

Online Clinic Management System 2.2 - HTML Injection

Exploit Title: Online Clinic Management System 2.2 - HTML Injection Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://bigprof.com/appgini/applications/online-clinic-management-system Software : Online Clinic Management System...

Cisco WLC 2504 8.9 - Denial of Service (PoC)

Exploit Title: Cisco WLC 2504 8.9 - Denial of Service PoC Google Dork: N/A Date: 2019-11-25 Exploit Author: SecuNinja Vendor Homepage: cisco.com Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-dos Version: 8.4 to 8.9 Tested on: not...

Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting

Exploit Title: Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Download Link : https://github.com/bigprof-software/online-invoicing-system Software : Online Invoicing Syst...

Revive Adserver 4.2 - Remote Code Execution

Exploit Title: Revive Adserver 4.2 - Remote Code Execution Google Dork: "inurl:www/delivery filetype:php" Exploit Author: crlf Vendor Homepage: https://www.revive-adserver.com/ Software Link: https://www.revive-adserver.com/download/archive/ Version: 4.1.x '' : @list$x, $url, $code = $argv;...