File Sharing Wizard 1.5.0 - POST SEH Overflow

import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724 File-sharing-wizard-seh...

Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploitation and Caveats from zerosum0x0: 1. Register with channel MST120 and others such as RDPDR/RDPSND nominally. 2. Perform a full RDP handshake, I like to wait for...

Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure

!/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure ============================================================= Exploit Author: Todor Donev 2019 Disclaimer: This or previous...

vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution

!/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.argv != 2: sys.exit"Usage: %s " % sys.argv0 params =...

Gila CMS < 1.11.1 - Local File Inclusion

Exploit Title: Authenticated Local File InclusionLFI in GilaCMS Google Dork: N/A Date: 04-08-2019 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://github.com/GilaCMS/gila Software Link: https://github.com/GilaCMS/gila Version: 1.10.9 Tested on: XAMPP version 3.2.2 in Windows 10 64bit, CV...

InputMapper 1.6.10 - Denial of Service

Exploit Title: InputMapper 1.6.10 Local Denial of Service Date: 20.09.2019 Vendor Homepage: https://inputmapper.com/ Software Link: https://inputmapper.com/downloads/category/2-input-mapper Exploit Author: elkoyote07 Tested Version: 1.6.10 Tested on: Windows 10 x64 1.- Start Input Mapper 2.- Clic...

HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure

!/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com Software Link:...

iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation

Exploit Title: SockPuppet 3 Date: September 8, 2019 Exploit Author: Umang Raghuvanshi Vendor Homepage: https://apple.com Software Link: https://ipsw.me/ Version: iOS 11.0—12.2, iOS 12.4 Tested on: iOS 11.0—12.2, iOS 12.4 CVE: CVE-2019-8605 This is an alternative and complete exploit for...

SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service

Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service DoS Exploit Author: Emilio Revelo Date: 2019-09-20 Software Link : http://www.nsauditor.com/downloads/spotiesetup.exe Tested on: Windows 10 Pro x64 es Steps to produce the DoS: 1.- Run perl script : perl...

Microsoft Windows 10 - 'WSReset' UAC Protection Bypass (propsys.dll)

// ref : https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e include // uac bypass via wsreset.exe // @404death // EDB Note: Download https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/47755.zip int main printf"\n+ Run First...

LayerBB < 1.1.4 - Cross-Site Request Forgery

Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1. Description: LayerBB is a free open-source forum...

GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting

Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link: https://downloads2.goautodial.org/centos/7/isos/x8664/GOautodial-4-x8664-Pre-Release-20180929-0618.iso Tested Version: 4.0...

DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection

Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection Date: 2019-09-19 Exploit Author: n1x MS-WEB Vendor Homepage: http://www.digit-rs.com/ Product Homepage: http://digit-rs.com/centris.html Version: Every version CVE : N/A Vulnerable parameters: datum1, datum2, KID, PID POST REQUEST POST...

Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution

Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, National Security Services Group NSSG Vendor Homepage: https://wd.com/ Software Link:...

macOS 18.7.0 Kernel - Local Privilege Escalation

macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild exploitation but still helpful for security...

Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)

CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map using memory corruption. Description: We are need modifying...

Hospital-Management 1.26 - 'fname' SQL Injection

Exploit Title: Hospital-Management 1.26 - 'fname' SQL Injection Author: Cakes Discovery Date: 2019-09-18 Vendor Homepage: https://github.com/Mugerwa-Joseph/hospital-management Software Link: https://github.com/Mugerwa-Joseph/hospital-management/archive/master.zip Tested Version: 1.26 Tested on OS...

Inteno IOPSYS Gateway - Improper Access Restrictions

Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650 Fixed Version: EG200-WU7P1UADAMO3.16.8-1908200937...

Notepad++ < 7.7 (x64) - Denial of Service

Exploit Title: Notepad++ all x64 versions before 7.7. Remote memory corruption via .ml file. Google Dork: N/A Date: 2019-09-14 Exploit Author: Bogdan Kurinnoy [email protected] Vendor Homepage: https://notepad-plus-plus.org/ Version: 7.7 Tested on: Windows x64 CVE : CVE-2019-16294 Description:...

NetGain EM Plus 10.1.68 - Remote Command Execution

/ Exploit Title: NetGain EM Plus = v10.1.68 - Unauthorized Local File Inclusion Date: 15 September 2019 Exploit Author: azams / @TheRealAzams Vendor Homepage: http://netgain-systems.com Software Link: http://www.netgain-systems.com/free/ Version: v10.1.68 Tested on: Linux Install golang:...

AppXSvc - Privilege Escalation

----------------------------------------------------------------------------- Exploit Title: AppXSvc - Arbitrary File Security Descriptor Overwrite EoP Date: Sep 4 2019 Exploit Author: Gabor Seljan Vendor Homepage: https://www.microsoft.com/ Version: 17763.1.amd64fre.rs5release.180914-1434 Tested...

Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload

===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed description Thanks & Acknowledgements References ==========Vulnerability...

CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection

Exploit Title: CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection Author: Cakes Discovery Date: 2019-09-16 Vendor Homepage: https://github.com/SaloniKumari123/CollegeManagementSystem Software Link: https://github.com/SaloniKumari123/CollegeManagementSystem/archive/master.zip Tested Version:...

docPrint Pro 8.0 - SEH Buffer Overflow

import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link: http://dl.verypdf.net/docprintprosetup.exe...

Ticket-Booking 1.4 - Authentication Bypass

Exploit Title: Ticket-Booking 1.4 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking Software Link: https://github.com/ABHIJEET-MUNESHWAR/Ticket-Booking/archive/master.zip Tested Version: 1.4 Tested on OS: CentOS ...

College-Management-System 1.2 - Authentication Bypass

Exploit Title: College-Management-System 1.2 - Authentication Bypass Author: Cakes Discovery Date: 2019-09-14 Vendor Homepage: https://github.com/ajinkyabodade/College-Management-System Software Link: https://github.com/ajinkyabodade/College-Management-System/archive/master.zip Tested Version: 1....

Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting

Exploit Title: Dolibarr ERP/CRM 10.0.1 - User-Agent Http Header Cross Site Scripting Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux CVE:...

Folder Lock 7.7.9 - Denial of Service

Exploit Title: Folder Lock v7.7.9 Denial of Service Exploit Date: 12.09.2019 Vendor Homepage:https://www.newsoftwares.net/folderlock/ Software Link: https://www.newsoftwares.net/download/folderlock7-en/folder-lock-en.exe Exploit Author: Achilles Tested Version: 7.7.9 Tested on: Windows 7 x64 1.-...

phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery

============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...

LimeSurvey 3.17.13 - Cross-Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored and reflected XSS vulnerabilities product: LimeSurvey vulnerable version: 3.17.14 CVE number: CVE-2019-16172, CVE-2019-16173 impact: medium homepage:...

Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts

Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the Chrome, Firefox and Edge browsers and constitutes an attack surface for memory...

Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts

Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as web browsers and constitutes an attack surface for memory corruption bugs, as it...

AVCON6 systems management platform - OGNL Remote Command Execution

Exploit Title: AVCON6 systems management platform - OGNL - Remote root command execution Date: 10/09/2018 Exploit Author: Nassim Asrir Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: N\A Tested On: Windows 1064bit / 61.0b12 64-bit Thanks to: Otmane Aarab...

eWON Flexy - Authentication Bypass

!/usr/bin/env python ''' Exploit Title: eWON v13.0 Authentication Bypass Date: 2018-10-12 Exploit Author: Photubias – tijldotDeneutatHowestdotbe for www.ic4.be Vendor Advisory: 1 https://websupport.ewon.biz/support/news/support/ewon-security-enhancement-131s0-0 2...

LibreNMS - Collectd Command Injection (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreNMS Collectd Command Injection', 'Description' = %q This module exploits a command injection vulnerability in the Collectd graphing...

WordPress Plugin Photo Gallery 1.5.34 - SQL Injection

Exploit Title: WordPress Plugin Photo Gallery by 10Web Add new and in add galleries / Gallery groups. GET request going with parameter albumid is vulnerable to Time Based Blind SQL injection. Following is the POC, 1...

Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe', 'Description' = %q This module exploits a flaw in the WSReset.exe Windows Store...

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)

Exploit Title: WordPress Plugin Photo Gallery by 10Web img src=a onerror='alert2;' 4. Click Save. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full...

WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting

Exploit Title: WordPress Plugin Photo Gallery by 10Web alert1; 4. Click Save and preview. 5. It will show pop-up confirming existence of XSS vulnerability Timeline 09-01-2019 - Vulnerability Reported 09-03-2019 - Vendor responded 09-04-2019 - New version released 1.5.35 09-10-2019 - Full Disclosu...

Microsoft Windows 10 - UAC Protection Bypass Via Microsoft Windows Store (WSReset.exe) and Registry (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows 10 UAC Protection Bypass Via Windows Store WSReset.exe and Registry', 'Description' = %q This module exploits a flaw in the WSReset.exe...

October CMS - Upload Protection Bypass Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'October CMS Upload Protection Bypass Code Execution', 'Description' = %q This module exploits an Authenticated user with permission to upload and...

Enigma NMS 65.0.0 - OS Command Injection

!/usr/bin/python -------------------------------------------------------------------- Exploit Title: Enigma NMS OS Command Injection NETSAS Pty Ltd Enigma NMS Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software...

Rifatron Intelligent Digital Security System - 'animate.cgi' Stream Disclosure

!/bin/bash Rifatron Intelligent Digital Security System animate.cgi Stream Disclosure Vendor: Rifatron Co., Ltd. | SAM MYUNG Co., Ltd. Product web page: http://www.rifatron.com Affected version: 5brid DVR HD6-532/516, DX6-516/508/504, MX6-516/508/504, EH6-504 7brid DVR HD3-16V2, DX3-16V2/08V2/04V...

Dolibarr ERP-CRM 10.0.1 - 'elemid' SQL Injection

Exploit Title: Dolibarr ERP/CRM - elemid Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux Software Description : Dolibarr ERP & CRM ...

WordPress Core 5.2.3 - Cross-Site Host Modification

!/usr/bin/perl -w Wordpress Type: Remote Risk: High Solution: Set security headers to web server and no-cache for Cache-Control Simple Attack Scenarios: o This attack can bypass Simple WAF to access restricted content on the web server, something like phpMyAdmin; o This attack can deface the...

Online Appointment - SQL Injection

Exploit Title: Online Appointment SQL Injection Data: 07.09.2019 Exploit Author: mohammad zaheri Vendor HomagePage: https://github.com/girish03/Online-Appointment-Booking-System Tested on: Windows Google Dork: N/A ========= Vulnerable Page: =========...

Enigma NMS 65.0.0 - Cross-Site Request Forgery

-------------------------------------------------------------------- Exploit Title: Enigma NMS Cross-Site Request Forgery CSRF Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software Link:...

Dolibarr ERP-CRM 10.0.1 - SQL Injection

Exploit Title: Dolibarr ERP/CRM - Multiple Sql Injection Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.dolibarr.org/ Software Link: https://www.dolibarr.org/downloads Version: 10.0.1 Category: Webapps Tested on: Xampp for Linux Software Description : Dolibarr ERP & CR...

Enigma NMS 65.0.0 - SQL Injection

-------------------------------------------------------------------- Exploit Title: Enigma NMS searchpattern SQL Injection Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage: https://www.netsas.com.au/ Software Link:...

WordPress Plugin Sell Downloads 1.0.86 - Cross-Site Scripting

Exploit Title: WordPress Plugin Sell Downloads 1.0.86 - Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: September 09,2019 Vendor Homepage: https://wordpress.dwbooster.com/content-tools/sell-downloads Software Link :...