Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery
Exploit Title: Intelbras Router RF1200 1.1.3 - Cross-Site Request Forgery Date: 2019-11-06 Exploit Author: Joas Antonio Vendor Homepage: intelbras.com.br Software Link: https://www.intelbras.com/pt-br/roteador-wireless-smart-dual-band-action-rf-1200 Version: 1.1.3 REQUIRED Tested on: Windows CVE ...
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
Exploit Title: Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass Discovery by: hyp3rlinx Date: 2019-12-03 Vendor Homepage: www.microsoft.com CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery
Exploit Title: SmartHouse Webapp 6.5.33 - Cross-Site Request Forgery Discovery by: LiquidWorm Date: 2019-12-02 Vendor Homepage: Tested Version: 6.5.33.17072501 CVE: N/A Advisory ID: ZSL-2019-5543 Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5543.php Carlo Gavazzi SmartHous...
Nsauditor 3.1.8.0 - 'Key' Denial of Service (PoC)
Exploit Title: Nsauditor 3.1.8.0 - 'Key' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0 Vulnerability Type: Denial of Service DoS Local Tested on...
Nsauditor 3.1.8.0 - 'Name' Denial of Service (PoC)
Exploit Title: Nsauditor 3.1.8.0 - 'Name' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0 Vulnerability Type: Denial of Service DoS Local Tested on...
Microsoft Excel 2016 1901 - XML External Entity Injection
Exploit Title: Microsoft Excel 2016 1901 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Tested Version: 2016 v1901 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
Exploit Title: Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.maxpcsecure.com Tested Version: 19.0.4.020 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Visual Studio 2008 - XML External Entity Injection
Exploit Title: Visual Studio 2008 - XML External Entity Injection Discovery by: hyp3rlinx Date: 2019-12-02 Vendor Homepage: www.microsoft.com Software Link: Visual Studio 2008 Express IDE Tested Version: 2008 CVE: N/A + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source...
Dokuwiki 2018-04-22b - Username Enumeration
Exploit Title: Dokuwiki 2018-04-22b - Username Enumeration Date: 2019-12-01 Exploit Author: Talha ŞEN Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link: https://download.dokuwiki.org/ Version: 2018-04-22b "Greebo" Tested on: Alpine Linux 3.5 docker image PHP 5.6.30 Apache/2.4.25 Un...
Anviz CrossChex 4.3.12 - Local Buffer Overflow
Exploit Title: Anviz CrossChex 4.3.12 - Local Buffer Overflow Date: 2019-11-30 Exploit Author: Luis Catarino & Pedro Rodrigues Vendor Homepage: https://www.anviz.com/ Software Link: https://www.anviz.com/download.html Version: Crosschex Standard x86 = V4.3.12 Tested on: 4.3.8.0, 4.3.12 CVE : N/A...
TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path
Exploit Title: TexasSoft CyberPlanet 6.4.131 - 'CCSrvProxy' Unquoted Service Path Date: 2019-11-28 Exploit Author: Cristian Ayala G Vendor Homepage: https://tenaxsoft.com/index.html Software Link: https://tenaxsoft.com/descargas.html Version: 6.4.131 Tested on: Windows 10 Pro x64 Step to discover...
SpotAuditor 5.3.2 - 'Key' Denial of Service
Exploit Title: SpotAuditor 5.3.2 - 'Key' Denial of Service Exploit Author : ZwX Exploit Date: 2019-11-28 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 Social: twitter.com/ZwX2a ''' Proof of Conce...
SpotAuditor 5.3.2 - 'Name' Denial of Service
Exploit Title: SpotAuditor 5.3.2 - 'Name' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-28 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact:...
Online Inventory Manager 3.2 - Persistent Cross-Site Scripting
Exploit Title: Online Inventory Manager 3.2 - Persistent Cross-Site Scripting Date: 2019-11-29 Exploit Author: Cemal Cihad ÇİFTÇİ Vendor Homepage: https://bigprof.com Software Link : https://bigprof.com/appgini/applications/online-inventory-manager Software : Online Inventory Manager Version : 3....
Bash 5.0 Patch 11 - SUID Priv Drop Exploit
Exploit Title : Bash 5.0 Patch 11 - SUID Priv Drop Exploit Date : 2019-11-29 Original Author: Ian Pudney , Chet Ramey Exploit Author : Mohin Paramasivam Shad0wQu35t Version : pwn.c cat pwn.c include include...
GHIA CamIP 1.2 for iOS - 'Password' Denial of Service (PoC)
Exploit Title: GHIA CamIP 1.2 for iOS - 'Password' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019-11-27 Vendor Homepage: https://apps.apple.com/mx/app/ghia-camip/id1342090963 Software Link: App Store for iOS devices Tested Version: 1.2 Vulnerability Type: Denial of Servic...
Mersive Solstice 2.8.0 - Remote Code Execution
Exploit Title: Mersive Solstice 2.8.0 - Remote Code Execution Google Dork: N/A Date: 2016-12-23 Exploit Author: Alexandre Teyar Vendor Homepage: https://www2.mersive.com/ Firmware Link: http://www.mersive.com/Support/Releases/SolsticeServer/SGE/Android/2.8.0/Solstice.apk Versions: 2.8.0 Tested On...
WordPress Core 5.3 - User Disclosure
Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Date: 2019-11-17 Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text datacontent except...
Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service (PoC)
Exploit Title: Microsoft DirectX SDK 2010 - '.PIXrun' Denial Of Service PoC Exploit Author : ZwX Exploit Date: 2019-11-26 Vendor Homepage : https://www.microsoft.com/ Link Software : https://www.microsoft.com/en-us/download/details.aspx?id=681 Tested on OS: Windows 7 Proof of Concept PoC:...
SpotAuditor 5.3.2 - 'Base64' Denial Of Service (PoC)
Exploit Title: SpotAuditor 5.3.2 - 'Base64' Denial Of Service PoC Exploit Author : ZwX Exploit Date: 2019-11-26 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested on OS: Windows 7 ''' Proof of Concept PoC:...
iNetTools for iOS 8.20 - 'Whois' Denial of Service (PoC)
Exploit Title: iNetTools for iOS 8.20 - 'Whois' Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019-11-25 Vendor Homepage: https://apps.apple.com/mx/app/inettools-ping-dns-port-scan/id561659975 Software Link: App Store for iOS devices Tested Version: 8.20 Vulnerability Type:...
InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service (PoC)
Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2019-11-23 Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Tested Version: 8.1 SP1 Vulnerability Type: Denial of Service DoS...
InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service (PoC)
Exploit Title: InTouch Machine Edition 8.1 SP1 - 'Atributos' Denial of Service PoC Discovery by: chuyreds Discovery Date: 12019-11-16 Vendor Homepage: https://on.wonderware.com/ Software Link : https://on.wonderware.com/intouch-machine-edition Tested Version: 8.1 SP1 Vulnerability Type: Denial of...
SMPlayer 19.5.0 - Denial of Service (PoC)
Title : SMPlayer 19.5.0 - Denial of Service PoC Tested on : Windows 7 64 bit Vulnerable Software: SMPlayer v 19.5.0 Exploit Author: Malav Vyas Vendor Homepage: https://smplayer.info Version : 19.5.0 Software Link : https://smplayer.info/en/downloads POC run this python file, which will generate...
Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path
Exploit Title: Easy-Hide-IP 5.0.0.3 - 'EasyRedirect' Unquoted Service Path Date: 2019-11-22 Exploit Author: Rene Cortes S Vendor Homepage: https://easy-hide-ip.com Software Link: https://easy-hide-ip.com Version: 5.0.0.3 Tested on: Windows 7 Professional Service Pack 1 Step to discover the unquot...
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
Exploit Title: Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-24 Vendor Homepage: https://www.dell.com/ Software Link : https://www.dell.com/support/home/mx/es/mxbsdt1/drivers/driversdetails?driverid=vwpkk Tested Version...
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
Exploit Title: Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation Date: 2019-11-22 Exploit Author: Abdelhamid Naceri Vendor Homepage: www.microsoft.com Tested on: Windows 10 1903 CVE : CVE-2019-1385 Windows: "AppX Deployment Service" AppXSVC elevation of privilege vulnerability...
Internet Explorer - Use-After-Free in JScript Arguments During toJSON Callback
There is a use-after-free issue in JScript triggerable via Internet Explorer where the members of the 'arguments' object aren't tracked by the garbage collector during the 'toJSON' callback. Thus, during the 'toJSON' callback, it is possible to assign a variable to the 'arguments' object, have it...
LiteManager 4.5.0 - Insecure File Permissions
Exploit Title: LiteManager 4.5.0 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2019-11-21 Vendor Homepage : LiteManager Team Software Link: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on OS: Windows 7 Proof of Concept PoC:...
ProShow Producer 9.0.3797 - ('ScsiAccess') Unquoted Service Path
Exploit Title: ProShow Producer 9.0.3797 - 'ScsiAccess' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-21 Vendor Homepage : http://www.photodex.com/ Link Software : http://files.photodex.com/release/pspro903797.exe Tested on OS: Windows 7 Analyze PoC : ==============...
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
Tested on macOS Mojave 10.14.6, 18G87 and Catalina Beta 10.15 Beta 19A536g. On macOS, the dyld shared cache in /private/var/db/dyld/ is generated locally on the system and therefore doesn't have a real code signature; instead, SIP seems to be the only mechanism that prevents modifications of the...
Network Management Card 6.2.0 - Host Header Injection
Exploit Title: Network Management Card 6.2.0 - Host Header Injection Google Dork: Date: 2019-11-21 Exploit Author: Amal E Thamban,Kamal Paul Vendor Homepage: https://www.apc.com/in/en/ Software Link: https://www.apc.com/shop/in/en/products/Network-Management-Card Version: v6.2.0 Tested on: Kali...
GNU Mailutils 3.7 - Privilege Escalation
Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo CVE : CVE-2019-18862 Title : GNU Mailuti...
TestLink 1.9.19 - Persistent Cross-Site Scripting
Exploit Title: TestLink 1.9.19 - Persistent Cross-Site Scripting Date: 2019-11-20 Exploit Author: Milad Khoshdel Software Link: http://testlink.org/ Version: TestLink 1.9.19 Tested on: Linux Apache/2 PHP/7.3.11 ========= Vulnerable Pages: ========= Persistent --...
Ubuntu 19.10 - Refcount Underflow and Type Confusion in shiftfs
Tested on Ubuntu 19.10, kernel "5.3.0-19-generic 20-Ubuntu". Ubuntu ships a filesystem "shiftfs" in fs/shiftfs.c in the kernel tree that doesn't exist upstream. This filesystem can be mounted from user namespaces, meaning that this is attack surface from unprivileged userspace in the default...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfs/shiftfs Error Path
Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c: ================================================================== +define vmafputvma vmadofputvma, func, LINE...
OpenNetAdmin 18.1.1 - Remote Code Execution
Exploit Title: OpenNetAdmin 18.1.1 - Remote Code Execution Date: 2019-11-19 Exploit Author: mattpascoe Vendor Homepage: http://opennetadmin.com/ Software Link: https://github.com/opennetadmin/ona Version: v18.1.1 Tested on: Linux Exploit Title: OpenNetAdmin v18.1.1 RCE Date: 2019-11-19 Exploit...
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
mediaserverd has various media parsing responsibilities; it's reachable from various sandboxes and is able to talk to interesting kernel drivers so is a valid target in an exploit chain. One of the services it vends is com.apple.audio.AudioFileServer, a fairly simple XPC service which will parse...
Xorg X11 Server - Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Xorg X11 Server Local Privilege Escalation', 'Description' = %q WARNING: Successful execution of this module results in /etc/passwd being...
Pulse Secure VPN - Arbitrary Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Pulse Secure VPN Arbitrary Command Execution', 'Description' = %q This module exploits a post-auth command injection in the Pulse Secure VPN serv...
Bludit - Directory Traversal Image File Upload (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Bludit Directory Traversal Image File Upload Vulnerability", 'Description' = %q This module exploits a vulnerability in Bludit. A remote user cou...
Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/exe' require 'msf/core/exploit/powershell' class MetasploitModule 'Windows Escalate UAC Protection Bypass Via Shell Open Registry Key',...
FreeSWITCH - Event Socket Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FreeSWITCH Event Socket Command Execution', 'Description' = %q This module uses the FreeSWITCH event socket interface to execute system commands...
Microsoft Windows - Escalate UAC Protection Bypass (Via dot net profiler) (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Escalate UAC Protection Bypass Via dot net profiler', 'Description' = %q Microsoft Windows allows for the automatic loading of a profilin...
FusionPBX - Operator Panel exec.php Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FusionPBX Operator Panel exec.php Command Execution', 'Description' = %q This module exploits an authenticated command injection vulnerability in...
XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.xmedia-recode.de/ Link Software : https://www.xmedia-recode.de/download.php Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact: [email protected] ''' Proof...
Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path
Exploit Title: Studio 5000 Logix Designer 30.01.00 - 'FactoryTalk Activation Service' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage: https://www.rockwellautomation.com/enNA/overview.page Software Link :...
BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path
Exploit Title: BartVPN 1.2.2 - 'BartVPNService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2019-11-18 Vendor Homepage : https://www.filehorse.com/ Link Software : https://www.filehorse.com/download-bartvpn/ Tested on OS: Windows 7 Analyze PoC : ============== C:\Users\ZwXsc qc...
Microsoft Windows 7 (x86) - 'BlueKeep' Remote Desktop Protocol (RDP) Remote Windows Kernel Use After Free
EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47683.zip import rdp import socket import binascii import time def poolsprays, crypter, payload: times = 10000 count = 0 while count times: count += 1 print'time through %d' % count try:...
Centova Cast 3.2.12 - Denial of Service (PoC)
Exploit Title: Centova Cast 3.2.12 - Denial of Service PoC Date: 2019-11-18 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.12 Tested on: Debian 9, CentOS 7 =============================================== The Centova Cast becomes out of control and causes 100%...