47904 matches found
Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure
Title: Smartwares HOME easy 1.0.9 - Database Backup Information Disclosure Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5541 Advisory URL:...
Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass
Exploit Title: Smartwares HOME easy 1.0.9 - Client-Side Authentication Bypass Author: LiquidWorm Date: 2019-11-05 Vendor: Smartwares Product web page: https://www.smartwares.eu Affected version: =1.0.9 Advisory ID: ZSL-2019-5540 Advisory URL:...
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new filesystem has just been mounted. If so, replace them with the new mount point....
SD.NET RIM 4.7.3c - 'idtyp' SQL Injection
Exploit Title: SD.NET RIM 4.7.3c - 'idtyp' SQL Injection Date: 2019-11-05 Exploit Author: Fabian Mosch r-tec IT Security GmbH Vendor Homepage: https://www.sitzungsdienst.net/ Software Link: https://www.sitzungsdienst.net/2018/12/sd-net-rim-4-7-3-veroeffentlicht/ Version: 4.7.3c Tested on: 4.7.3c...
html5_snmp 1.11 - 'Remark' Persistent Cross-Site Scripting
Exploit Title: html5snmp 1.11 - 'Remark' Persistent Cross-Site Scripting Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC POST...
rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection
Exploit Title: rimbalinux AhadPOS 1.11 - 'alamatCustomer' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/rimbalinux/AhadPOS Software Link: https://github.com/rimbalinux/AhadPOS.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for time-based and boolean...
WebKit - Universal XSS in JSObject::putInlineSlow and JSValue::putToPrimitive
VULNERABILITY DETAILS bool JSObject::putInlineSlowExecState exec, PropertyName propertyName, JSValue value, PutPropertySlot& slot ASSERT!isThisValueAlteredslot, this; VM& vm = exec-vm; auto scope = DECLARETHROWSCOPEvm; JSObject obj = this; for ;; unsigned attributes; PropertyOffset offset =...
Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path
Exploit Title: Blue Stacks App Player 2.4.44.62.57 - "BstHdLogRotatorSvc" Unquote Service Path Date: 2019-11-09 Exploit Author: Diego Armando Buztamante Rico Vendor Homepage: www.bluestacks.com Software Link: www.bluestacks.com Version: 2.4.44.62.57 Tested on: Windows 8.1 Pro CVE: NA Description...
html5_snmp 1.11 - 'Router_ID' SQL Injection
Exploit Title: html5snmp 1.11 - 'RouterID' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/lolypop55/html5snmp Software Link: https://github.com/lolypop55/html5snmp.git Version: 1.11 Tested on: CentOS 7 CVE: N/A PoC for error, time, boolean and Union based...
thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting
Exploit Title: thrsrossi Millhouse-Project 1.414 - 'content' Persistent Cross-Site Scripting Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thrsrossi/Millhouse-Project Software Link: https://github.com/thrsrossi/Millhouse-Project.git Version: 1.414 Tested on: CentOS 7...
thejshen Globitek CMS 1.4 - 'id' SQL Injection
Exploit Title: thejshen Globitek CMS 1.4 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Software Link: https://github.com/thejshen/contentManagementSystem.git Version: 1.4 Tested on: CentOS 7 CVE: N/A The GET reques...
Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path
Exploit Title: Network Inventory Advisor 5.0.26.0 - 'niaservice' Unquoted Service Path Date: 2019-11-04 Exploit Author: Samuel DiazL Vendor Homepage: https://www.network-inventory-advisor.com/ Software Link: https://www.network-inventory-advisor.com/download.html Version: 5.0.26.0 Tested on:...
JavaScriptCore - Type Confusion During Bailout when Reconstructing Arguments Objects
The following sample was found by Fuzzilli and then slightly modified. It crashes JSC in debug builds: function main const v2 = 1337,1337; const v3 = 1337,v2,v2,0; Object.proto = v3; for let v10 = 0; v10 inheritscell-JSC::JSCell::vm, std...
FileOptimizer 14.00.2524 - Denial of Service (PoC)
Exploit Title: FileOptimizer 14.00.2524 - Denial of Service PoC Date: 2019-11-04 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: https://sourceforge.net/projects/nikkhokkho/ Software Link:...
Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow
Exploit Title: Ayukov NFTP client 1.71 - 'SYST' Buffer Overflow Date: 2019-11-03 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://ayukov.com/nftp/ Software Link: ftp://ftp.ayukov.com/pub/nftp/nftp-1.71-i386-win32.exe Version: 1.71 Tested on: Windows XP Pro SP0, SP1, SP2, SP3 CVE :...
Micro Focus (HPE) Data Protector - SUID Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Micro Focus HPE Data Protector SUID Privilege Escalation', 'Description' = %q This module exploits the trusted $PATH environment variable of the...
Apple macOS 10.15.1 - Denial of Service (PoC)
Exploit Title: Apple macOS 10.15.1 - Denial of Service PoC Date: 2019-11-02 Exploit Author: 08Tc3wBB Vendor Homepage: Apple Software Link: Version: Apple macOS msghlocalport, msg1.msghsize, msg4.msghreserved, unsigned intmsg4.msghid, QWORD &msg1.msghreserved, // inputmem1 msg2.msghsize 2, //...
OpenVPN Connect 3.0.0.272 - 'agent_ovpnconnect' Unquoted Service Path
Exploit Title: OpenVPN Connect 3.0.0.272 - 'ovpnagent' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-03 Vendor Homepage: https://openvpn.net Software Link : https://openvpn.net/downloads/openvpn-connect-v3-windows.msi Tested Version: 3.0.0.272 Vulnerability Type:...
Launch Manager 6.1.7600.16385 - 'DsiWMIService' Unquoted Service Path
Title: Launch Manager 6.1.7600.16385 'DsiWMIService' Unquoted Service Path Author: Gustavo Briseño Date: 2019-11-03 Vendor Homepage: https://www.acer.com/ Software Link:...
Aida64 6.10.5200 - Buffer Overflow (SEH)
Exploit Title: Aida64 6.10.5200 - Buffer Overflow SEH Date: 2019-10-28 Exploit Author: 8-Team / daejinoh Vendor Homepage: https://www.aida64.com Software Link: https://www.aida64.com/downloads/OTAwMmVmNTE= Version: AIDA64 Enginner 6.10.5200 Tested on: Windows 7 Home Basic SP1 CVE : N/A Step 1 Fil...
DOUBLEPULSAR (x64) - Hooking 'srv!SrvTransactionNotImplemented' in 'srv!SrvTransaction2DispatchTable'
EDB Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47685.zip...
ClamAV < 0.102.0 - 'bytecode_vm' Code Execution
!/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...
Nostromo - Directory Traversal Remote Command Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nostromo Directory Traversal Remote Command Execution', 'Description' = %q This module exploits a remote command execution vulnerability in...
OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path
Title: OpenVPN Private Tunnel 2.8.4 - 'ovpnagent' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-31 Vendor Homepage: https://openvpn.net/ Software Link: https://swupdate.openvpn.org/privatetunnel/client/privatetunnel-win-2.8.exe Version : PrivateTunnel v2.8.4 Tested on: Windows 10...
Apache Solr 8.2.0 - Remote Code Execution
Title: Apache Solr 8.2.0 - Remote Code Execution Date: 2019-11-01 Author: @l3xwong Vendor: https://lucene.apache.org/solr/ Software Link: https://lucene.apache.org/solr/downloads.html CVE: N/A github: https://github.com/AleWong/Apache-Solr-RCE-via-Velocity-template usage: python3 script.py ip por...
TheJshen contentManagementSystem 1.04 - 'id' SQL Injection
Exploit Title: TheJshen contentManagementSystem 1.04 - 'id' SQL Injection Date: 2019-11-01 Exploit Author: Cakes Vendor Homepage: https://github.com/thejshen/contentManagementSystem Version: 1.04 Software Link: https://github.com/thejshen/contentManagementSystem.git Tested on: CentOS7 GET paramet...
ownCloud 10.3.0 stable - Cross-Site Request Forgery
Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Date: 2019-10-31 Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud collaboration platform With over 50 million...
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH)
Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Google Dork: N/A Date: 2019-10-30 Exploit Author: Doan Nguyen 4ll4u Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Version: v4.6.1217 Tested on: Windows XP SP3 CVE : N/A...
WordPress Plugin Google Review Slider 6.1 - 'tid' SQL Injection
Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Date: 2019-07-02 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage:...
MikroTik RouterOS 6.45.6 - DNS Cache Poisoning
Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and below Tested on: Various x86 and MIPSBE RouterOS...
JavaScriptCore - GetterSetter Type Confusion During DFG Compilation
The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let notAGetterSetter = whatever: 42; function v2v5 const v10 = Object; if v5 const v1...
WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service
Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Date: 2019-10-30 Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version: v4.6.1217 Tested on: Windows 7 x64 Windows XP SP3 1.- Run python...
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires Metasploit: https://metasploit.com/download...
iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure
Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Date: 2019-10-29 Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor: iSeeQ Product web page: http://www.iseeq.co.kr Affected...
Citrix StoreFront Server 7.15 - XML External Entity Injection
Exploit Title: Citrix StoreFront Server 7.15 - XML External Entity Injection Date: 2019-08-28 Exploit Author: Vahagn Vardanya Vendor Homepage:https://www.citrix.com/downloads/storefront/ Software Link: https://support.citrix.com/article/CTX251988 Version: Citrix StoreFront Server earlier than 190...
Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path
Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage: https://www.issivs.com/product-detail/secure-os-enterprise/ Software Link:...
WordPress Core 5.2.4 - Cross-Origin Resource Sharing
Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Date: 2019-10-28 Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page: https://Your-Domain/wp-json POC: The web application fails to...
Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution (MS15-011)
Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows...
rConfig 3.9.2 - Remote Code Execution
Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662 !/usr/bin/python import requests import sys from...
Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow
Exploit Title: Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow Date: 2019-10-01 Author: Lance Biggerstaff Original Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Tested on: Windows 10 Note: Every version of Windows 10 has a...
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows...
JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path
Exploit Title: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path Google Dork: N/A Date: 2019-09-09 Exploit Author: Roberto Escamilla Vendor Homepage:https://www.inforprograma.net/ Software Link: https://www.inforprograma.net/ Version: = 0.6.0.0 wpspin.exe Tested on: Windows 10 Home CVE : N/A...
ChaosPro 2.0 - Buffer Overflow (SEH)
Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 import os, sys sploit = "A" 5000 Crash!...
Part-DB 0.4 - Authentication Bypass
Exploit Title: Part-DB 0.4 - Authentication Bypass Date: 2019-10-26 Author: Marvoloo Vendor Homepage: https://github.com/Part-DB/Part-DB/ Software Link: https://github.com/Part-DB/Part-DB/archive/master.zip Version: 0.4 Tested on: Linux CVE : N/A Discription: Easy authentication bypass...
WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed
VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL const if document.page && document.page-subframeCount =...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection
Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21 Tested on:...
delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection
Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link: https://github.com/delpino73/Blue-Smiley-Organizer.git Version: 1.32 Tested on: CentOS7 CVE : N/...
PHP-FPM + Nginx - Remote Code Execution
PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config see below. What's vulnerable If a webserver...
waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting
Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link: https://github.com/waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON.git Version: 1.21...
Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery
Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : N/A PoC1:...