47904 matches found
ClonOs WEB UI 19.09 - Improper Access Control
Exploit Title: ClonOs WEB UI 19.09 - Improper Access Control Date: 2019-10-19 Exploit Author: İbrahim Hakan Şeker Vendor Homepage: https://clonos.tekroutine.com/ Software Link: https://github.com/clonos/control-pane Version: 19.09 Tested on: ClonOs CVE : 2019-18418 import requests from bs4 import...
Linux Polkit - pkexec helper PTRACE_TRACEME local root (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Linux Polkit pkexec helper PTRACETRACEME local root exploit', 'Description' = %q This module exploits an issue in ptracelink in kernel/ptrace.c...
AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection
Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...
AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control
Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prior to v1.1.9e Tested on: It is a proprietary devices:...
WordPress Plugin Sliced Invoices 3.8.2 - 'post' SQL Injection
Exploit Title: Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage: https://slicedinvoices.com/ Software Link:...
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A This modul...
Rocket.Chat 2.1.0 - Cross-Site Scripting
Title: Rocket.Chat 2.1.0 - Cross-Site Scripting Author: 3H34N Date: 2019-10-22 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 2. Open a chat session 3. Send payload with your web server url 4. Token will be written in logs.txt when target seen your message...
IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path
Title: IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-22 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.1.0.8 Tested on: Windows 10 64bitEN CVE : N/A 1. Description: Unquoted...
Total.js CMS 12 - Widget JavaScript Code Injection (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Total.js CMS 12 Widget JavaScript Code Injection', 'Description' = %q This module exploits a vulnerability in Total.js CMS. The issue is that a...
Moxa EDR-810 - Command Injection / Information Disclosure
During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And the other one is an improper access control found on the w...
WinRAR 5.80 (x64) - Denial of Service
Exploit Title: winrar 5.80 64bit - Denial of Service Date: 2019-10-19 Exploit Author: alblalawi Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit 1- open winrar or any file.rar 2- help 3- help...
Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution
Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/A + Credits: John Page aka hyp3rlinx + Website:...
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)
We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 7f2c.8be8: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...
Solaris 11.4 - xscreensaver Privilege Escalation
@Mediaservice.net Security Advisory 2019-02 last updated on 2019-10-16 Title: Local privilege escalation on Solaris 11.x via xscreensaver Application: Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4 Jamie Zawinski's xscreensaver 5.15 distributed with Solaris 11.3 Other versions...
Winrar 5.80 - XML External Entity Injection
Exploit Title: winrar 5.80 - XML External Entity Injection Exploit Author: hyp3rlinx Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit POC 1- python -m SimpleHTTPServer listens Port 8000 2- op...
Joomla! 3.4.6 - Remote Code Execution
Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on: Linux CVE : N/A Technical details:...
WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path
Exploit Title : WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path Date : 2019-10-15 Exploit Author : Cakes Vendor: Softalk Version : 7.5.1 Software: http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3 Tested on Windows 10 CVE : N/A c:\sc qc WorkgroupMail SC...
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
Exploit Title: Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path Exploit Author: Debashis Pal Date: 2019-10-17 Vendor Homepage : https://webcompanion.com Source: https://webcompanion.com Version: Web Companion versions 5.1.1035.1047 CVE : N/A Tested on: Windows 7...
Restaurant Management System 1.0 - Remote Code Execution
Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Date: 2019-10-16 Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: N/A Tested on: Apache...
WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting
Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software Link: https://wordpress.org/plugins/popup-builder/ Version: 3.49 Tested...
BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path
Exploit Title: BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path Exploit Author: Debashis Pal Date: 2019-10-17 Vendor : Blackmoonftpserver Source: http://www.tucows.com/preview/222822/BlackMoon-FTP-Server?q=FTP+server Version: BlackMoon FTP Server 3.1.2.1731 CVE : N/A Tested...
WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting
Exploit Title: Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\soliloquy-lite" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://soliloquywp.com/ Software Link: https://wordpress.org/plugins/soliloquy-lite/ Version: 2.5.6...
ThinVNC 1.0b1 - Authentication Bypass
Exploit Title: ThinVNC 1.0b1 - Authentication Bypass Date: 2019-10-17 Exploit Author: Nikhith Tumamlapalli Contributor WarMarX Vendor Homepage: https://sourceforge.net/projects/thinvnc/ Software Link: https://sourceforge.net/projects/thinvnc/files/ThinVNC1.0b1/ThinVNC1.0b1.zip/download Version:...
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
Exploit Title: Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\foogallery" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://foo.gallery/ Software Link: https://wordpress.org/plugins/foogallery/ Version: 1.8.12 Tested on: Kali...
CyberArk Password Vault 10.6 - Authentication Bypass
Exploit Title: CyberArk Password Vault 10.6 - Authentication Bypass Date: 2019-10-16 Author: Daniel Martinez Adan adon90 Vendor: https://www.cyberark.com Software: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Collaborator: Luis Buendía...
X.Org X Server 1.20.4 - Local Stack Overflow
Exploit Title: X.Org X Server 1.20.4 - Local Stack Overflow Date: 2019-10-16 Exploit Author: Marcelo Vázquez aka s4vitar Vendor Homepage: https://www.x.org/ Version: = 1.20.4 Tested on: Linux CVE: CVE-2019-17624 !/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar X.Org X Server...
Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path
Exploit Title : Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/518015/Mikogo?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc Mikogo-Service ...
Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path
Exploit Title : Zilab Remote Console Server 3.2.9 - 'zrcs' Unquoted Service Path Date : 2019-10-15 Exploit Author : Cakes Vendor: Zilab Software Inc Version : Zilab Remote Console Server 3.2.9 Software: http://html.tucows.com/preview/340137/Zilab-Remote-Console-Server?q=remote+support Tested on...
LiteManager 4.5.0 - 'romservice' Unquoted Serive Path
Exploit Title : LiteManager 4.5.0 - 'romservice' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+support Tested on Windows 10 CVE : N/A c:\sc qc romservice...
Accounts Accounting 7.02 - Persistent Cross-Site Scripting
Exploit Title: Express Accounts Accounting 7.02 - Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-16 Vendor Homepage: https://www.nchsoftware.com Source: https://www.nchsoftware.com/accounting/index.html Version: Express Accounts Accounting v7.02 CVE : N/A Tested on:...
Whatsapp 2.19.216 - Remote Code Execution
Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls iteration for rop int dlcallbackstruct dlphdrinf...
Solaris xscreensaver 11.4 - Privilege Escalation
Exploit Title: Solaris xscreensaver 11.4 - Privilege Escalation Date: 2019-10-16 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/technetwork/server-storage/solaris11/ Version: Solaris 11.x Tested on: Solaris 11.4 and 11.3 X86 CVE: N/A !/bin/sh raptorxscreensaver - Solaris 11....
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path Author: Luis MedinaL Date: 2019-10-15 Vendor Homepage: https://www.adaware.com/ Software Link : https://www.adaware.com/antivirus Version : 2.3.4.7 Tested on: Microsoft Windows 10 Pro x64 ESP Description: Lavasoft 2.3.4.7 installs...
ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path
Exploit Title : ActiveFax Server 6.92 Build 0316 - 'ActiveFaxServiceNT' Unquoted Service Path Date : 2019-10-15 Exploit Author : Cakes Vendor Homepage: https://www.actfax.com/ Software Link : https://www.actfax.com/download/actfaxsetupx64ge.exe Version : ActiveFax Server 6.92 Build 0316 Tested on...
sudo 1.8.27 - Security Bypass
Exploit Title : sudo 1.8.27 - Security Bypass Date : 2019-10-15 Original Author: Joe Vennix Exploit Author : Mohin Paramasivam Shad0wQu35t Version : Sudo priv" os.system"cat priv | grep 'ALL' | cut -d '' -f 2...
Podman & Varlink 1.5.1 - Remote Code Execution
Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on: Fedora Server 30 !/usr/bin/python -- coding:...
Bolt CMS 3.6.10 - Cross-Site Request Forgery
Exploit Title: Bolt CMS 3.6.10 - Cross-Site Request Forgery Date: 2019-10-15 Exploit Author: r3m0t3nu11Zero-Way Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.5 Tested on: Linux CVE : CVE-2019-17591 last version Csrf p0c Bolt v 3.x exploit 0day Bolt v...
SpotAuditor 5.3.1.0 - Denial of Service
Exploit Title: SpotAuditor 5.3.1.0 - Denial of Service Author: Sanjana Shetty Date: 2019-10-13 Version: SpotAuditor 5.3.1.0 Vendor Homepage: http://www.nsauditor.com Software link: http://spotauditor.nsauditor.com/ Steps 1 Install the SpotAuditor software 2 Access the register functionality 3 In...
Kirona-DRS 5.5.3.5 - Information Disclosure
Exploit Title: Kirona-DRS 5.5.3.5 - Information Disclosure Discovered Date: 2019-10-03 Shodan Search: /opt-portal/pages/login.xhtml Exploit Author: Ramikan Vendor Homepage: https://www.kirona.com/products/dynamic-resource-scheduler/ Affected Version: DRS 5.5.3.5 may be other versions. Tested On...
Apache Httpd mod_rewrite - Open Redirects
Normal URLs like http://redirect.local/test will be forwared to https://redirect.local/test. But by using newlines CVE 2019-10098, we can redirect somewhere else i.e. to https://redirect.local.evilwebsite.com: curl -Ik 'https://redirect.local/%0a.evilwebsite.com' --path-as-is HTTP/2 302 date: Mon...
Apache Httpd mod_proxy - Error Page Cross-Site Scripting
The trick is to use a vertical tab %09 and then place another URL in the tag. So once a victim clicks the link on the error page, she will go somewhere else. As you can see, the browser changes the destination from relative / to an absolute url https://enoflag.de. The exploit is...
WordPress Core < 5.2.3 - Viewing Unauthenticated/Password/Private Posts
So far we know that adding ?static=1 to a wordpress URL should leak its secret content Here are a few ways to manipulate the returned entries: - order with asc or desc - orderby - m with m=YYYY, m=YYYYMM or m=YYYYMMDD date format In this case, simply reversing the order of the returned elements...
ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service
Exploit Title: ActiveFax Server 6.92 Build 0316 - 'POP3 Server' Denial of Service Date: 2019-10-12 Vendor Homepage: https://www.actfax.com/ Software Link : https://www.actfax.com/download/actfaxsetupx64ge.exe Exploit Author: Achilles Tested Version: 6.92 Tested on: Windows 7 x64 Vulnerability Typ...
Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting
Exploit Title: Express Invoice 7.12 - 'Customer' Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-13 Vendor Homepage: https://www.nchsoftware.com/ Source: https://www.nchsoftware.com/invoice/index.html Version: Express Invoice v7.12 CVE : N/A Tested on: Windows 7 SP132bi...
Ajenti 2.1.31 - Remote Code Execution
Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details ------- Ajenti is a web control panel written in...
Uplay 92.0.0.6280 - Local Privilege Escalation
Exploit Title: Uplay 92.0.0.6280 - Local Privilege Escalation Date: 2019-08-07 Exploit Author: Kusol Watchara-Apanukorn, Pongtorn Angsuchotmetee, Manich Koomsusi Vendor Homepage: https://uplay.ubisoft.com/ Version: 92.0.0.6280 Tested on: Windows 10 x64 CVE : N/A Vulnerability Description:...
National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
Exploit Title: National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation Discovery Date: 2019-10-10 Exploit Author: Ivan Marmolejo Vendor Homepage: http://www.ni.com/en-us.html Software Link: https://www.ni.com/en-us/shop/select/circuit-design-suite Version: 14.0 Vulnerability...
Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting
Exploit Title: Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting Date: 2019-10-03 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version: 1.0.18 Tested on: Windows CVE : CVE-2019–17411 PoC 1:...
WordPress Plugin Arforms 3.7.1 - Directory Traversal
Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link: https://www.arformsplugin.com/documentation/changelog/ Version: 3.7.1 CVE ID...
SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery
Exploit Title: SMA Solar Technology AG Sunny WebBox device - 1.6 - Cross-Site Request Forgery Date: 2019-10-08 Exploit Author: Borja Merino and Eduardo Villaverde Vendor Homepage: https://www.sma.de Version: Firmware Version 1.6 and prior Tested on: Sunny WebBox SMA Solar Device Firmware Version...