Simple Machines Forum (SMF) 1.0.131.1.5 - Destroyer 0.1 Password Reset Security Bypass
Simple Machines Forum SMF 1.0.131.1.5 - Destroyer 0.1 Password Reset Security Bypass !/usr/bin/perl use LWP::UserAgent; use Getopt::Std; use LWP::Simple; use HTTP::Request; Author: Xianur0 Uxmal666atgmail.com Cracks links Password Recovery Find Temporary Files executed by mods DB function Flood b...
Joomla! Component Ice Gallery 0.5b2 - catid Blind SQL Injection
Joomla! Component Ice Gallery 0.5b2 - catid Blind SQL Injection Joomla Component comicecatid Blind SQL-injection Author : boom3rang Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1. Vulnerability : Blind SQL injection Google Dork : inurl:comice "catid"...
Joomla! Mambo Component Datsogallery 1.3.1 - id SQL Injection
Joomla! Mambo Component Datsogallery 1.3.1 - id SQL Injection source: https://www.securityfocus.com/bid/28361/info The Datsogallery component for Joomla! and Mambo is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL...
XOOPS Module eEmpregos - cid SQL Injection
XOOPS Module eEmpregos - cid SQL Injection XOOPS Module eEmpregos SQL Injectioncid AUTHOR : S@BUN HOME 1 : http://www.milw0rm.com/author/1334 MAİL : [email protected] DORK 1 : allinurl: "modules/eEmpregos/index.php" DORK 2 : allinurl: cid "modules/eEmpregos" example...
Lotus Domino R6 Webmail - Remote Password Hash Dumper
Lotus Domino R6 Webmail - Remote Password Hash Dumper !/bin/bash $Id: raptordominohash,v 1.3 2007/02/13 17:27:28 raptor Exp $ raptordominohash - Lotus Domino R5/R6 HTTPPassword dump Copyright c 2007 Marco Ivaldi Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores...
F3Site 2.1 - Remote Code Execution
F3Site 2.1 - Remote Code Execution ? // //Kacper & str0ke Settings $exploitname = "F3Site = 2.1 Remote Code Execution Exploit"; $scriptname = "F3Site 2.1"; $scriptsite = "http://dhost.info/compmaster/"; $dork = '"Powered by F3Site"'; //to work exploit you need admin session, and cookies prefix //...
Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion
Ractive Popper 1.41 - Childwindow.Inc.php Remote File Inclusion source: https://www.securityfocus.com/bid/19972/info Ractive Popper is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue could allow an attacker to...
OnePlug CMS - pressdetails.asp?Press_Release_ID SQL Injection
OnePlug CMS - pressdetails.asp?Press_Release_ID SQL Injection source: https://www.securityfocus.com/bid/16155/info OnePlug CMS is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL...
KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing
KDE KMail 1.7.1 - HTML EMail Remote Email Content Spoofing source: https://www.securityfocus.com/bid/13085/info A remote email message content spoofing vulnerability affects KDE KMail. This issue is due to a failure of the application to properly sanitize HTML email messages. An attacker may...
LHA 1.x - Remote Buffer Overflow Directory Traversal
LHA 1.x - Remote Buffer Overflow Directory Traversal // source: https://www.securityfocus.com/bid/10243/info LHA has been reported prone to multiple vulnerabilities that may allow a malicious archive to execute arbitrary code or corrupt arbitrary files when the archive is operated on. The first...
Microsoft Windows - WizardOpium Local Privilege Escalation
Microsoft Windows - WizardOpium Local Privilege Escalation include include extern "C" NTSTATUS NtUserMessageCallHWND hWnd, UINT msg, WPARAM wParam, LPARAM lParam, ULONGPTR ResultInfo, DWORD dwType, BOOL bAscii; int main HINSTANCE hInstance = GetModuleHandleNULL; WNDCLASSEX wcx; ZeroMemory&wcx,...
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure
ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Title: ESCAM QD-900 WIFI HD Camera - Remote Configuration Disclosure Author: Todor Donev Date: 2020-02-23 Vendor: www.escam.cn Product Link: http://www.escam.cn/search/?class1=&class2=&class3=&searchtype=0&searchword=qd-900&lang=en CVE...
Go SSH servers 0.0.2 - Denial of Service (PoC)
Go SSH servers 0.0.2 - Denial of Service PoC Exploit Title: Go SSH servers 0.0.2 - Denial of Service PoC Author: Mark Adams Date: 2020-02-21 Link: https://github.com/mark-adams/exploits/blob/master/CVE-2020-9283/poc.py CVE: CVE-2020-9283 Running this script may crash the remote SSH server if it i...
SOPlanning 1.45 - users SQL Injection
SOPlanning 1.45 - users SQL Injection Exploit Title: SOPlanning 1.45 - 'users' SQL Injection Date: 2020-02-14 Exploit Author: J3rryBl4nks, Homebrewer Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/ Version 1.45 Tested on...
Remote Desktop Gateway - BlueGate Denial of Service (PoC)
Remote Desktop Gateway - BlueGate Denial of Service PoC include "BlueGate.h" / EDB Note: - Download Binary https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe - Download Source...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor...
phpMyChat-Plus 1.98 - pmc_username Reflected Cross-Site Scripting
phpMyChat-Plus 1.98 - pmc_username Reflected Cross-Site Scripting Exploit Title: phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting Date: 2019-12-19 Exploit Author: Chris Inzinga Vendor Homepage: http://ciprianmp.com/latest/ Download: https://sourceforge.net/projects/phpmychat/...
WordPress Core 5.3.x - xmlrpc.php Denial of Service
WordPress Core 5.3.x - xmlrpc.php Denial of Service !/usr/bin/env python WordPress methodNamepingback.ping" entry += f"paramspingback/COUNT" entry += f"paramspingback/uuid.uuid4" entry += f"target/?p=1" entry += f"target/e" taxes DB more return entry def buildrequestpingback,target,entries: prefi...
CBAS-Web 19.0.0 - Remote Code Execution
CBAS-Web 19.0.0 - Remote Code Execution Exploit Title: CBAS-Web 19.0.0 - Remote Code Execution Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link: https://www.computrols.com/building-automation-software/...
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common()
macOS XNU - Missing Locking in checkdirs_callback() Enables Race with fchdir_common() On macOS, when a new mount point is created, the kernel uses checkdirs to, as a comment above the function explains: "Scan all active processes to see if any of them have a current or root directory onto which the new...
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload
IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Exploit Title: IBM Bigfix Platform 9.5.9.62 - Arbitrary File Upload Date: 2018-12-11 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.ibm.com/ Version: IBM Bigfix Platform Software Add Software" menu. Here user needs to choose...
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software...
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting
TP-LINK TL-WR840N v5 00000005 - Cross-Site Scripting Exploit Title: TL-WR840N v5 00000005 Date: 5/10/2019 Exploit Author: purnendu ghosh Vendor Homepage: https://www.tp-link.com/ Software Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Category: Hardware...
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow
Huawei eSpace 1.1.11.103 - Image File Format Handling Buffer Overflow Huawei eSpace Meeting Image File Format Handling Buffer Overflow Vulnerability Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected version: eSpace 1.1.11.103 aka eSpace ECS, eSpace Desktop,...
Sales ERP 8.1 - Multiple SQL Injection
Sales ERP 8.1 - Multiple SQL Injection =========================================================================================== Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A Date: 13-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
elFinder 2.1.47 - PHP connector Command Injection
elFinder 2.1.47 - PHP connector Command Injection !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqi...
Navicat for Oracle 12.1.15 - _Password_ Denial of Service (PoC)
Navicat for Oracle 12.1.15 - Password Denial of Service PoC Exploit Title: Navicat for Oracle 12.1.15 - "Password" Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-14 Vendor Homepage: https://www.navicat.com/es/ Software Link:...
FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure
FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure /usr/bin/python3 """ CVE-2018-13374 Published by Julio Ureña PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Reference: https://fortiguard.com/psirt/FG-IR-18-157 Example:...
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the...
Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket
Chrome OS 10820.0.0 dev-channel - app-VM via garcon TCP Command Socket ======================= BUG DESCRIPTION ======================= There is a variety of RPC communication channels between the Chrome OS host system and the crosvm guest. This bug report focuses on communication on TCP port 8889...
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and bel...
Nagios Core 4.4.1 - Denial of Service
Nagios Core 4.4.1 - Denial of Service Exploit Title: Nagios Core Multiple Local Denial of Service Date: 2018-07-09 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.nagios.org/ Software Link: https://www.nagios.org/downloads/nagios-core/ Version: 4.4.1 and earlier Tested on:...
ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution
ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact:...
Geutebruck 5.02024 G-CamEFD-2250 - simple_loglistjs.cgi Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-CamEFD-2250 - simple_loglistjs.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck simple_loglistjs.cgi Remote Command Execution...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
HPE iMC 7.3 - Remote Code Execution Metasploit Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
Microsoft Windows FxCop 1012 - XML External Entity Injection
Microsoft Windows FxCop 1012 - XML External Entity Injection Exploit Title: Microsoft Windows FxCop 10/12 - XML External Entity Injection Date: 2018-03-15 Exploit Author: Debashis Pal Vendor Homepage: www.microsoft.com Version: Microsoft Windows "FxCop" v10-12 CVE : N/A Greetz:...
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting
WordPress Plugin Caldera Forms 1.5.9.1 - Cross-Site Scripting Exploit Title: CalderaForms 1.5.9.1 - multiple XSS Date: 02-03-2018 Exploit Author: Federico Scalco fscalco at mentat dot is @mindpr00f Vendor Homepage: https://calderaforms.com/ Software Link:...
OpenCMS 10.5.3 - Cross-Site Scripting
OpenCMS 10.5.3 - Cross-Site Scripting Exploit Title: OpenCMS 10.5.3 Stored Cross Site Scripting Vulnerability Google Dork: N/A Date: 02-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.opencms.org/en/ Software Link:...
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting
Oracle Primavera P6 Enterprise Project Portfolio Management - HTTP Response Splitting Exploit Title: Oracle Primavera P6 Enterprise Project Portfolio Management HTTP Response Splitting Date: 16-02-2018 Exploit Author: Marios Nicolaides - RUNESEC Reviewers: Simon Loizides and Nicolas Markitanis -...
BMC BladeLogic 8.3.00.64 - Remote Command Execution
BMC BladeLogic 8.3.00.64 - Remote Command Execution Exploit Title: BMC BladeLogic RSCD agent remote exec - XMLRPC version Filename: BMCrexec.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-24 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog...
FuzzerTCP
This is yet a simple fuzzer written in Python that uses SCAPY to create IP packages and send them over a socket, it works as a server/client and logs all packet in hexadecimal to make it easier to modify. Fuzzer Author: Juan Sacco Date and time: 31 October 2017 Description: This a yet simple fuzz...
Kentico CMS 11.0 - Buffer Overflow
Kentico CMS 11.0 - Buffer Overflow Document Title: =============== Kentico CMS v11.0 - Stack Buffer Overflow Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=1943 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5282 CVE-ID: =======...
Android - Inter-Process munmap due to Race Condition in ashmem
Android - Inter-Process munmap due to Race Condition in ashmem The MemoryIntArray class allows processes to share an in-memory array of integers backed by an "ashmem" file descriptor. As the class implements the Parcelable interface, it can be inserted into a Parcel, and optionally placed in a...
Webkit (Safari) - Universal Cross-site Scripting
Webkit Safari - Universal Cross-site Scripting function Pewvar doc=open'parent-tab://apple.com';doc.document.body.innerHTML='';Click me! Exploit by Frans Rosén html data:text/html,function yx=open'parent-tab://google.com','top',x.document.body.innerHTML='';setTimeouty,100 -- function...
A2billing 2.x - Backup File Download Remote Code Execution
A2billing 2.x - Backup File Download Remote Code Execution Title : A2billing 2.x , Unauthenticated Backup dump / RCE flaw Vulnerable software : A2billing 2.x Author : Ahmed Sultan 0x4148 Email : [email protected] Home : 0x4148.com Linkedin : https://www.linkedin.com/in/0x4148/ A2billing contain...
QNAP TVS-663 QTS 4.2.4 build 20170313 - Command Injection
QNAP TVS-663 QTS 4.2.4 build 20170313 - Command Injection QNAP QTS multiple RCE vulnerabilities ===================================== The latest version of this advisory is available at: https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt Overview -------- QNAP QTS firmware...
Splunk Enterprise - Information Disclosure
Splunk Enterprise - Information Disclosure + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt + ISR: ApparitionSec Vendor: =============== www.splunk.com Product: ==================...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free PoC // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A trigger for CVE-2017-6074, crashes kernel. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // //...
NTP 4.2.8p8 - Denial of Service
NTP 4.2.8p8 - Denial of Service !/usr/bin/env python Exploit Title: ntpd remote pre-auth Denial of Service Date: 2016-11-21 Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: http://dumpco.re/cve-2016-7434/ Vendor Homepage: http://www.ntp.org/ Software Link:...
Microsoft Windows Kerberos - Security Feature Bypass (MS16-101)
Microsoft Windows Kerberos - Security Feature Bypass MS16-101 Exploit Title: Kerberos Security Feature Bypass Vulnerability Kerberos to NTLM Fallback Date: 22-09-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 and Windows 10 x64 CVE : CVE-2016-3237 Category: Local...