scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service (PoC)

Exploit Title: scadaApp for iOS 1.1.4.0 - 'Servername' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-18 Vendor Homepage: https://apps.apple.com/ca/app/scadaapp/id1206266634 Software Link: App Store for iOS devices Tested Version: 1.1.4.0 Vulnerability Type: Denial of...

ipPulse 1.92 - 'Enter Key' Denial of Service (PoC)

Exploit Title: ipPulse 1.92 - 'Enter Key' Denial of Service PoC Discovery by: Diego Buztamante Discovery Date: 2019-11-18 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link : http://download.netscantools.com/ipls192.zip Tested Version: 1.92 Vulnerability Type: Denial of...

MobileGo 8.5.0 - Insecure File Permissions

Exploit Title: MobileGo 8.5.0 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2019-11-15 Vendor Homepage : https://www.wondershare.net/ Software Link: https://www.wondershare.net/mobilego/ Tested on OS: Windows 7 Proof of Concept PoC: ========================== C:\Program...

Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal

Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Google Dork: N/A​ Date: 2019​-11-15 Exploit Author: Kevin Randall​ Vendor Homepage: https://www.lexmark.com/enus.html​ Software Link: https://www.lexmark.com/enus.html​ Version: 2.27.4.0.39 Latest Version​ Tested on: Window...

Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service (PoC)

Exploit Title: Open Proficy HMI-SCADA 5.0.0.25920 - 'Password' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-11-16 Vendor Homepage: https://apps.apple.com/us/app/proficyscada/id525792142 Software Link: App Store for iOS devices GE Intelligent Platforms, Inc. Tested Versio...

NCP_Secure_Entry_Client 9.2 - Unquoted Service Paths

Exploit Title: NCPSecureEntryClient 9.2 - Unquoted Service Paths Date: 2019-11-17 Exploit Author: Akif Mohamed Ik Vendor Homepage: http://software.ncp-e.com/ Software Link: http://software.ncp-e.com/NCPSecureEntryClient/Windows/9.2x/ Version: 9.2x Tested on: Windows 7 SP1 CVE : NA C:\Users\userwm...

TemaTres 3.0 - 'value' Persistent Cross-site Scripting

Exploit Title: TemaTres 3.0 - 'value' Persistent Cross-site Scripting Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14343 Reference:...

TemaTres 3.0 - Cross-Site Request Forgery (Add Admin)

Exploit Title: TemaTres 3.0 — Cross-Site Request Forgery Add Admin Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source: https://sourceforge.net/projects/tematres/files/TemaTres%203.0/tematres3.0.zip/download Version: 3.0 CVE : 2019–14345...

Crystal Live HTTP Server 6.01 - Directory Traversal

Title: Crystal Live HTTP Server 6.01 - Directory Traversal Date of found: 2019-11-17 Author: Numan Türle Vendor Homepage: https://www.genivia.com/ Version : Crystal Quality 6.01.x.x Software Link : https://www.crystalrs.com/crystal-quality-introduction/ POC --------- GET...

iSmartViewPro 1.3.34 - Denial of Service (PoC)

Exploit Title: iSmartViewPro 1.3.34 - Denial of Service PoC Discovery by: Ivan Marmolejo Discovery Date: 2019 -11-16 Vendor Homepage: http://www.smarteyegroup.com/ Software Link: https://apps.apple.com/mx/app/ismartviewpro/id834791071 Tested Version: 1.3.34 Vulnerability Type: Denial of Service D...

Centova Cast 3.2.11 - Arbitrary File Download

Exploit Title: Centova Cast 3.2.11 - Arbitrary File Download Date: 2019-11-17 Exploit Author: DroidU Vendor Homepage: https://centova.com Affected Version: =v3.2.11 Tested on: Debian 9, CentOS 7 !/bin/bash if "$4" = "" then echo "Usage: $0 centovacasturl user password ftpaddress" exit fi url=$1...

ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path

Exploit Title: ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path Date: 2019-11-16 Exploit Author : Olimpia Saucedo Vendor Homepage: www.asus.com Version: 1.00.31 Tested on: Windows 10 Pro x64 but it should works on all windows version The application suffers from an unquoted servic...

Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path

Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-17 Vendor Homepage: https://www.emerson.com/en-us Software Link : https://www.opertek.com/descargar-software/?prc=326 Tested Version: 9.70 Buil...

nipper-ng 0.11.10 - Remote Buffer Overflow (PoC)

Exploit Title: nipper-ng 0.11.10 - Remote Buffer Overflow PoC Date: 2019-10-20 Exploit Author: Guy Levin https://blog.vastart.dev Vendor Homepage: https://tools.kali.org/reporting-tools/nipper-ng Software Link: https://code.google.com/archive/p/nipper-ng/source/default/source Version: 0.11.10...

Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service (PoC)

Exploit Title: Foscam Video Management System 1.1.4.9 - 'Username' Denial of Service PoC Author: chuyreds Discovery Date: 2019-11-16 Vendor Homepage: https://www.foscam.es/ Software Link : https://www.foscam.es/descarga/FoscamVMS1.1.4.9.zip Tested Version: 1.1.4.9 Vulnerability Type: Denial of...

Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path

Exploit Title: Shrew Soft VPN Client 2.2.2 - 'iked' Unquoted Service Path Date: 2019-11-14 Exploit Author: D.Goedecke Vendor Homepage: www.shrew.net Software Link: https://www.shrew.net/download/vpn/vpn-client-2.2.2-release.exe Version: 2.2.2 Tested on: Windows 10 64bit C:\Users\userwmic service...

Xfilesharing 2.5.1 - Arbitrary File Upload

Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php Local File Inclusion...

Microsoft Windows 10 Build 1803 < 1903 - 'COMahawk' Local Privilege Escalation

EDB Note Download: - https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47684-1.exe - https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47684-2.zip COMahawk Privilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322 Video Demo...

oXygen XML Editor 21.1.1 - XML External Entity Injection

Exploit Title: oXygen XML Editor 21.1.1 - XML External Entity Injection Author: Pablo Santiago Date: 2019-11-13 Vendor Homepage: https://www.oxygenxml.com/ Source:https://www.oxygenxml.com/xmleditor/downloadoxygenxmleditor.html Version: 21.1.1 CVE : N/A Tested on: Windows 7 PoC 1- python -m...

Siemens Desigo PX 6.00 - Denial of Service (PoC)

Title: Siemens Desigo PX 6.00 - Denial of Service PoC Author: LiquidWorm Date: 2019-11-14 Vendor web page: https://www.siemens.com Product web page: https://new.siemens.com/global/en/products/buildings/automation/desigo.html Affected version:6.00 Affected version: Model: PXC00-E.D, PXC50-E.D,...

ScanGuard Antivirus 2020 - Insecure Folder Permissions

Exploit Title: ScanGuard Antivirus 2020 - Insecure Folder Permissions Date: 2019-10-10 Exploit Author: hyp3rlinx Vendor Homepage: https://www.scanguard.com/ Software Link: https://support.scanguard.com/en/kb/22/upgrades-available Version: 2020 Tested on: Windows CVE : N/A Category: exploit...

FUDForum 3.0.9 - Remote Code Execution

Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...

Technicolor TD5130.2 - Remote Command Execution

Exploit Title: Technicolor TD5130.2 - Remote Command Execution Date: 2019-11-12 Exploit Author: João Teles Vendor Homepage: https://www.technicolor.com/ Version: TD5130v2 Firmware Version: OIFwV20 CVE : CVE-2019-18396 --------------------------- POST /mntping.cgi HTTP/1.1 Host: HOST User-Agent:...

gSOAP 2.8 - Directory Traversal

Title: gSOAP 2.8 - Directory Traversal Author: Numan Türle Date: 2019-11-13 Vendor Homepage: https://www.genivia.com/ Version : gSOAP 2.8 Software Link : https://www.genivia.com/products.htmlgsoap POC --------- GET /../../../../../../../../../etc/passwd HTTP/1.1 Host: 10.200.106.101 Accept:...

Fastweb Fastgate 0.00.81 - Remote Code Execution

Exploit Title: Fastweb Fastgate 0.00.81 - Remote Code Execution Date: 2019-11-13 Exploit Author: Riccardo Gasparini Vendor Homepage: https://www.fastweb.it/ Software Link: http://59.0.121.191:8080/ACS-server/file/0.00.81FW200Askey only from Fastweb ISP network Version: 0.00.81 Tested on: Linux CV...

Linear eMerge E3 1.00-06 - Remote Code Execution

Title: Linear eMerge E3 1.00-06 - Remote Code Execution Author: LiquidWorm Date: 2019-11-13 Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Affected version: =2.3.0a Advisory:...

Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting

Exploit Title: Technicolor TC7300.B0 - 'hostname' Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-11-11 Exploit Author: Luis Stefan Vendor Homepage: https://www.technicolor.com/ Software Link: N/A Version: TC7300.B0 - STFA.51.20 Tested on: macOS Mojave and Catalina CVE : !/usr/bin/env...

Joomla 3.9.13 - 'Host' Header Injection

Exploit Title: Joomla 3.9.13 - 'Host' Header Injection Author: Pablo Santiago Date: 2019-11-12 Vendor Homepage: https://www.joomla.org/ Source: https://downloads.joomla.org/cms/joomla3/3-9-13/Joomla3-9-13-Stable-FullPackage.zip?format=zip Version: 3.9.13 CVE : N/A Tested on: Windows 10 PoC curl...

Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path

Exploit Title: Alps Pointing-device Controller 8.1202.1711.04 - 'ApHidMonitorService' Unquoted Service Path Date: 2019-11-12 Exploit Author: Mario Rodriguez Vendor Homepage: https://www.alps.com/e/ Software Link: https://www.alps.com/e/ Version: 8.1202.1711.04 Tested on: Windows 10 Home x64 Spani...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution

Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested on: NA CVE...

eMerge E3 1.00-06 - Privilege Escalation

Exploit Title: eMerge E3 1.00-06 - Privilege Escalation Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested on: NA CVE : CVE-2019-7254,...

Prima FlexAir Access Control 2.3.38 - Remote Code Execution

Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Google Dork: NA Date: 2018-09-06 Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link: https://primasystems.eu/flexair-access-control/ Version: 2.3.38 Tested on: NA CVE : CVE-2019-7670...

Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting

Exploit Title: Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version: 5.4.0 REQUIRED Tested on: NA C...

RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path

Exploit Title: RTK IIS Codec Service 6.4.10041.133 - 'RtkI2SCodec' Unquote Service Path Google Dork: N/A Date: 2019-11-11 Exploit Author: chuyreds Vendor Homepage:https://www.realtek.com/en/ Software Link:...

Optergy 2.3.0a - Remote Code Execution (Backdoor)

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: \n' sys.exit while True: challengeurl = 'http://'+sys.argv1+'/tools/ajax/ConsoleResult.html?get' try: req1 =...

Optergy 2.3.0a - Username Disclosure

Title: Optergy 2.3.0a - Username Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: djuro teppi view alerton stef humba drmio de3 andri myko dzonka kosto beebee Administrator...

FlexAir Access Control 2.4.9api3 - Remote Code Execution

Exploit Title: FlexAir Access Control 2.4.9api3 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.4.9api3 Tested...

CBAS-Web 19.0.0 - Username Enumeration

Exploit Title: CBAS-Web 19.0.0 - Username Enumeration Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested on: NA CVE :...

eMerge E3 Access Controller 4.6.07 - Remote Code Execution (Metasploit)

Exploit Title: eMerge E3 Access Controller 4.6.07 - Remote Code Execution Metasploit Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07 Tested...

eMerge E3 1.00-06 - Arbitrary File Upload

Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested on: NA CVE : CVE-2019-7257...

eMerge E3 1.00-06 - Cross-Site Request Forgery

Exploit Title: eMerge E3 1.00-06 - Cross-Site Request Forgery Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested on: NA CVE :...

Bematech Printer MP-4200 - Denial of Service

Exploit Title: Bematech Printer MP-4200 - Denial of Service Date: 2019-11-11 Exploit Author: Jonatas Fil Vendor Homepage: https://www.bematech.com.br/ Software Link: https://www.bematech.com.br/produto/mp-4200-th/ Version: MP-4200 TH Tested on: Windows and Linux CVE : N/A DoS Poc:...

Control Center PRO 6.2.9 - Local Stack Based Buffer Overflow (SEH)

Exploit Title: Control Center PRO 6.2.9 - Local Stack Based BufferOverflow SEH Date: 2019-11-09 Exploit Author: Samir sanchez garnica @sasaga92 Vendor Homepage: http://www.webgateinc.com/wgi/eng/products/list.php?ecidx1=P610 Software Link:...

Optergy 2.3.0a - Remote Code Execution

Title: Optergy 2.3.0a - Remote Code Execution Author: LiquidWorm Date: 2019-11-05 Vendor: https://optergy.com/ Product web page: https://optergy.com/products/ Affected version: =2.3.0a Advisory: https://applied-risk.com/resources/ar-2019-008 Paper:...

CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection

Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested on:...

Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path

Exploit Title: Wondershare Application Framework Service 2.4.3.231 - 'WsAppService' Unquote Service Path Google Dork: N/A Date: 2019-11-11 Exploit Author: chuyreds Vendor Homepage: https://www.wondershare.com/ Software Link: https://www.wondershare.com/drfone/ Version: 2.4.3.231 Tested on: Window...

FlexAir Access Control 2.3.35 - Authentication Bypass

Exploit Title: FlexAir Access Control 2.3.35 - Authentication Bypass Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 2.3.35 Tested on: NA...

Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting

Exploit Title: Adrenalin Core HCM 5.4.0 - 'ReportID' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Vendor Homepage: https://www.myadrenalin.com/ Software Link: https://www.myadrenalin.com/core-hcm/ Version: 5.4.0 REQUIRED Tested on: NA CVE :...

CBAS-Web 19.0.0 - Information Disclosure

Exploit Title: CBAS-Web 19.0.0 - Information Disclosure Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/ Version: 19.0.0 Tested on: NA CVE :...

eMerge E3 1.00-06 - Remote Code Execution

Exploit Title: eMerge E3 1.00-06 - Remote Code Execution Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 1.00-06 Tested on: NA CVE : CVE-2019-7256...