41207 matches found
TwistedBrush Pro Studio 24.06 - Script Recorder Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - Script Recorder Denial of Service PoC -- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link...
RICOH SP 4520DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection Exploit Title: RICOH SP 4520DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.htm...
Lyric Video Creator 2.1 - .mp3 Denial of Service (PoC)
Lyric Video Creator 2.1 - .mp3 Denial of Service PoC -- coding: utf-8 -- Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://lyricvideocreator.com/ Software Link:...
Instagram Auto Follow - Authentication Bypass
Instagram Auto Follow - Authentication Bypass Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification elf_core_dump has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change map_count or the mmap / vma pages are now...
Linux - page->_refcount Overflow via FUSE
Linux - page->_refcount Overflow via FUSE Linux: page->_refcount overflow via FUSE with 140GiB RAM usage Tested on: Debian Buster distro kernel "4.19.0-1-amd64 1 SMP Debian 4.19.12-1 2018-12-22" KVM guest with 160000MiB RAM A while back, there was some discussion about possible overflows of the...
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free / While fuzzing JavaScriptCore, I encountered the following simplified and commented JavaScript program which crashes jsc from current HEAD and release: / function v9 // Some watchpoint on the LexicalEnvironment is triggered he...
CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting
CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 28 - March - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software...
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion ============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel García Cárdenas - Severity: 7/10 CVSS Base Score - CVE-ID:...
Microsoft Windows - .reg File Dialog Box Message Spoofing
Microsoft Windows - .reg File Dialog Box Message Spoofing + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt + ISR: ApparitionSec Vendor www.microsoft.com Product A...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery Exploit title: DirectAdmin v1.55 - CSRF via CMD_ACCOUNT_ADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link:...
Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module commit cc2d58634e0f "netfilter: nf_nat_snmp_basic: use asn1 decoder library", first in 4.16 changed the nf_nat_snmp_basic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the...
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...
Advance Gift Shop Pro Script 2.0.3 - SQL Injection
Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Title: Advance Gift Shop Pro Script 2.0.3 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 21, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software Link :...
WinRAR 5.61 - .lng Denial of Service
WinRAR 5.61 - .lng Denial of Service Exploit Title: WinRAR 5.61 - Denial of Service Author: Kağan Çapar Discovery Date: 2019-02-20 Software Link: https://win-rar.com/predownload.html?spV=true&subD=true&f=wrar561tr.exe Vendor Homepage : https://www.win-rar.com Tested Version: 5.61 32 Bit Tested on...
NBMonitor 1.6.5.0 - Key Denial of Service (PoC)
NBMonitor 1.6.5.0 - Key Denial of Service PoC -- coding: utf-8 -- Exploit Title: NBMonitor 1.6.5 - 'Key' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Version: 1.6.5....
DomainMOD 4.11.01 - category.php CatagoryName_ StakeHolder Cross-Site Scripting
DomainMOD 4.11.01 - category.php CatagoryName StakeHolder Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod...
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
Faleemi Desktop Software 1.8 - Local Buffer Overflow SEH DEP Bypass !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow SEHDEP Bypass Date: 01-26-19 Vulnerable Software: Faleemi Desktop Software 1.8 Vendor Homepage:...
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Exploit Title: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Dork: N/A Date: 2019-01-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomtech.net/ Software D.:...
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link:...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Date: 21/12/2018 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ Vendor: ChinaMobile...
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload
WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Exploit Title: WordPress Plugin Baggage Freight Shipping Australia 0.1.0 - Arbitrary File Upload Date: 2018-12-24 Software Link: https://wordpress.org/plugins/baggage-freight/ Exploit Author: Kaimi Website:...
XMPlay 3.8.3 - .m3u Denial of Service (PoC)
XMPlay 3.8.3 - .m3u Denial of Service PoC Exploit Title: XMPlay 3.8.3 - '.m3u' Denial of Service PoC Date: 2018-11-18 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link: https://support.xmplay.com/filesview.php?fileid=676 Version: 3.8.3 latest Tested on: Windows...
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
CMS Made Simple 2.2.7 - Authenticated Remote Code Execution Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 2018-11-04 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage:...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...
South Gate Inn Online Reservation System 1.0 - q SQL Injection
South Gate Inn Online Reservation System 1.0 - q SQL Injection Exploit Title: South Gate Inn Online Reservation System 1.0 - 'q' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Microstrategy Web 7 - Cross-Site Scripting Directory Traversal
Microstrategy Web 7 - Cross-Site Scripting Directory Traversal !-- Exploit Title: Cross Site Scripting in Microstrategy Web version 7 Date: 29-10-2018 Exploit Author: Rafael Pedrero Vendor Homepage: https://www.microstrategy.com Software Link: https://www.microstrategy.com Version: Microstrategy...
Kados R10 GreenBee - release_id SQL Injection
Kados R10 GreenBee - release_id SQL Injection Exploit Title: Kados R10 GreenBee - 'release_id' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapp...
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Exploit Title: ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/asset-explorer/...
CrossFont 7.5 - Denial of Service (PoC)
CrossFont 7.5 - Denial of Service PoC Exploit Title: CrossFont 7.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-26 Software Link: http://www.acutesystems.com/cfnt/cfsetup.exe Tested Version: 7.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...
TransMac 12.2 - Denial of Service (PoC)
TransMac 12.2 - Denial of Service PoC Exploit Title: TransMac 12.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-09-26 Software Link: http://www.acutesystems.com/tmac/tmsetup.exe Tested Version: 12.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...
WebKit - WebCore::SVGTextLayoutAttributes::context Use-After-Free
WebKit - WebCore::SVGTextLayoutAttributes::context Use-After-Free tref, feMerge, title inherit; float: right; none; 81em function jsfuzzer try var var00006 = htmlvar00002.getSVGDocument; catche try var var00162 = document.head; catche try htmlvar00015.setSelectionRange2,56; catche try...
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link:...
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
WordPress Plugin Plainview Activity Monitor 20161228 - Authenticated Command Injection !-- Wordpress Plainview Activity Monitor RCE + Version: 20161228 and possibly prior + Description: Combine OS Commanding and CSRF to get reverse shell + Author: Lydéric LEFEBVRE + CVE-ID: CVE-2018-15877 +...
Wansview 1.0.2 - Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service PoC Exploit Title: Wansview 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-14 Software Link: http://www.wansview.com/uploads/soft/Wansviewv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the...
IBM Sterling B2B Integrator 5.2.0.15.2.6.3 - Cross-Site Scripting
IBM Sterling B2B Integrator 5.2.0.15.2.6.3 - Cross-Site Scripting Exploit Title: IBM Sterling B2B Integrator persistent cross-site scripting Exploit Author: Vikas Khanna https://www.linkedin.com/in/leetvikaskhanna/ https://twitter.com/MRSHANUKHANNA Vendor Homepage:...
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
onArcade 2.4.2 - Cross-Site Request Forgery Add Admin Exploit Title: Cross-Site Request Forgery Add Admin Google Dork: Powered by onArcade v2.4.2 Date: 2018/August/4 Author: r3m0t3nu11Zero-way Software Link: "http://www.onarcade.com" Version: "Uptodate" the application is vulnerable to CSRF atta...
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact:...
D-link DAP-1360 - Path Traversal Cross-Site Scripting
D-link DAP-1360 - Path Traversal Cross-Site Scripting Exploit Title: D-Link DAP-1360 File path traversal and Cross site scripting reflected can lead to Authentication Bypass easily. Date: 20-07-2018 Exploit Author: r3m0t3nu11 Contact : http://twitter.com/r3m0t3nu11 Vendor : www.dlink.com Version:...
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote,...
Splunk 7.0.1 - Information Disclosure
Splunk 7.0.1 - Information Disclosure Exploit Title: Splunk 7.0.1 - Information Disclosure Date: 2018-05-23 Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED Tested on: Linux OS CVE : CVE-2018-11409 Splunk through 6.2.3 7.0.1 allows...
Sony Playstation 4 (PS4) 5.07 - Jailbreak WebKit bpf v2 Kernel Loader
Sony Playstation 4 PS4 5.07 - Jailbreak WebKit bpf v2 Kernel Loader PS4 5.05 Kernel Exploit --- Summary In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking an...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Scripting Date: 2018-05-17 Author: 0xB9 Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu 18.04 CVE: N/A 1. Description:...
Timber 1.1 - Cross-Site Request Forgery
Timber 1.1 - Cross-Site Request Forgery Exploit Title: Timber - Ultimate Freelancer Platform 1.1 - Cross site request forgery Date: 2018-05-24 Exploit Author: L0RD or [email protected] Vendor Homepage: https://codecanyon.net/item/timber-ultimate-freelancer-platform/14747284?srank=1717...
PowerlogicSchneider Electric IONXXXX Series - Cross-Site Request Forgery
PowerlogicSchneider Electric IONXXXX Series - Cross-Site Request Forgery Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Version: ION73XX series, ION75XX series...
Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution
Microsoft Windows 2003 SP2 - RRAS SMB Remote Code Execution !/usr/bin/env python -- coding: utf-8 -- Tested in Windows Server 2003 SP2 ES - Only works when RRAS service is enabled. The exploited vulnerability is an arbitrary pointer dereference affecting the dwVarID field of the MIB_OPAQUE_QUERY...
2345 Security Guard 3.7 - 2345NetFirewall.sys Denial of Service
2345 Security Guard 3.7 - 2345NetFirewall.sys Denial of Service / Exploit Title: 2345 Security Guard 3.7 - Denial of Service Date: 2018-05-08 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe Version: v3.7 Tested on:...
Shopy Point of Sale 1.0 - CSV Injection
Shopy Point of Sale 1.0 - CSV Injection Exploit Title: Shopy Point of Sale v1.0 - CSV Injection Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10258 Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/shopy-point-of-sales/21730225 Version: 1.0 Tested on: Ka...
HRSALE The Ultimate HRM 1.0.2 - (Authenticated) Cross-Site Scripting
HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross-Site Scripting Exploit Title: HRSALE The Ultimate HRM 1.0.2 - Authenticated Cross Site Scripting Date: 2018-04-23 Exploit Author: 8bitsec CVE: CVE-2018-10259 Vendor Homepage: https://codecanyon.net/ Software Link:...