41207 matches found
ClamAV 0.102.0 - bytecode_vm Code Execution
ClamAV 0.102.0 - bytecodevm Code Execution !/usr/bin/python ''' Finished : 22/07/2019 Pu8lished : 31/10/2019 Versi0n : Current ./exploit.py clambc --debug exploit SNIP $ ''' names = 'test1', 'read', 'write', 'seek', 'setvirusname',...
XNU - Remote Double-Free via Data Race in IPComp Input Path
XNU - Remote Double-Free via Data Race in IPComp Input Path === Summary === This report describes a bug in the XNU implementation of the IPComp protocol https://tools.ietf.org/html/rfc3173. This bug can be remotely triggered by an attacker who is able to send traffic to a macOS system iOS AFAIK...
Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service (PoC)
Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service PoC CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, becaus...
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
Microsoft DirectWrite - Out-of-Bounds Read in sfacGetSbitBitmap While Processing TTF Fonts Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs suc...
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting
WordPress Plugin Download Manager 2.9.93 - Cross-Site Scripting Exploit Title: WordPress Download Manager Cross-site Scripting Discovery Date: 2019-04-13 Exploit Author: ThuraMoeMyint Author Link: https://twitter.com/mgthuramoemyint Vendor Homepage: https://www.wpdownloadmanager.com Software Link...
Alkacon OpenCMS 10.5.x - Local File inclusion
Alkacon OpenCMS 10.5.x - Local File inclusion Exploit Title: Alkacon OpenCMS 10.5.x - Multiple LFI in Alkacon OpenCms Site Management Google Dork: N/A Date: 18/07/2019 Exploit Author: Aetsu Vendor Homepage: http://www.opencms.org Software Link: https://github.com/alkacon/opencms-core Version:...
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities
Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities The msctf subsystem is part of the Text Services Framework, The TSF manages things like input methods, keyboard layouts, text processing and so on. There are two main components, the ctfmon server and the msctf client. The...
Ovidentia 8.4.3 - SQL Injection
Ovidentia 8.4.3 - SQL Injection ------------------------------------------------------- Exploit Title: Ovidentia CMS - SQL Injection Authenticated Date: 06/05/2019 CVE: CVE-2019-13978 Exploit Author: Fernando Pinheiro n3k00n3 Victor Flores UserX Vendor Homepage: https://www.ovidentia.org/ Version...
Axway SecureTransport 5 - Unauthenticated XML Injection
Axway SecureTransport 5 - Unauthenticated XML Injection Title: Axway SecureTransport 5 - Unauthenticated XML Injection Google Dork: intitle:"Axway SecureTransport" "Login" Date: 2019-07-20 Author: Dominik Penner / zer0pwn of Underdog Security Vendor Homepage: https://www.axway.com/en Software Lin...
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
Microsoft DirectWrite AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index -----===== Background =====----- AFDKO Adobe Font Development Kit for OpenType is a set of tools for examining, modifying and building fonts. The core part of this toolset is a font handling...
Firefox 67.0.4 - Denial of Service
Firefox 67.0.4 - Denial of Service Loading please wait function MyFun var text = ; forvar i=0 ;i"+ ""+ ""+ ""+ ""+ ""+ "\x70...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware...
JioFi 4G M2S 1.0.2 - Denial of Service
JioFi 4G M2S 1.0.2 - Denial of Service Exploit Title: cgi-bin/qcmapwebcgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Ross Video DashBoard 8.5.1 - Insecure Permissions
Ross Video DashBoard 8.5.1 - Insecure Permissions Ross Video DashBoard 8.5.1 Insecure Permissions Vendor: Ross Video Ltd. Product web page: https://www.rossvideo.com Affected version: 8.5.1 Summary: DashBoard is a free and open platform from Ross Video for facility control and monitoring that...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...
DVD X Player 5.5.3 - .plf Buffer Overflow
DVD X Player 5.5.3 - .plf Buffer Overflow !/usr/bin/env python Exploit Title: DVD X Player 5.5.3 Buffer Overflow Date: 20.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://www.dvd-x-player.com Software Link:...
Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution
Quest NetVault Backup Server 11.4.5 - Process Manager Service SQL Injection Remote Code Execution Exploit Title: Quest NetVault Backup Server 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability ZDI-17-982 Date: 2-21-2019 Exploit Author: credit goes to rgod for finding...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of...
OpenMRS Platform 2.24.0 - Insecure Object Deserialization
OpenMRS Platform 2.24.0 - Insecure Object Deserialization Insecure Object Deserialization on the OpenMRS Platform Vulnerability Details CVE ID: CVE-2018-19276 Access Vector: Remote Security Risk: Critical Vulnerability: CWE-502 CVSS Base Score: 10.0 CVSS vector:...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an...
GDB-Connector
GDB Connector is a remote script to use for controlling a remote target and debug an exploit on a target directly from Exploit Pack. Copy this script to your target and execute it to connect back to your framework. Shell Script created using Exploit Pack http://www.exploitpack.com -...
SDL Web Content Manager 8.5.0 - XML External Entity Injection
SDL Web Content Manager 8.5.0 - XML External Entity Injection Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Company : Canon Security Date : 25/11/2018 Software Information Affected Software : SDL Web Content Manager Version: Build 8.5.0 Vendor: SDL Tridion Software websi...
FreshRSS 1.11.1 - Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 Information -------------------- Advisory by Netsparker Name: Multiple Cross-Site Scripting Vulnerabilities in FreshRSS Affected Software: FreshRSS Affected Versions: 1.11.1 Homepage:...
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on:...
Budabot 4.0 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service PoC Exploit Title: Budabot 4.0 - Denial of Service PoC Date: 2018-10-15 Exploit Author: Ryan Delaney Author Contact: [email protected] Vendor Homepage: http://budabot.com/ Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413 Version: 0.6 - 4.0 Test...
ELBA5 5.8.0 - Remote Code Execution
ELBA5 5.8.0 - Remote Code Execution Exploit Title: ELBA5 5.8.0 - Remote Code Execution Date: 2018-11-16 Exploit Author: Florian Bogner Vendor Homepage: https://www.elba.at Vulnerable Software:...
Apple macOS 10.13 - workq_kernreturn Denial of Service (PoC)
Apple macOS 10.13 - workqkernreturn Denial of Service PoC / Exploit Title: MacOS 10.13 - 'workqkernreturn' Denial of Service PoC Date: 2018-07-30 Exploit Author: Fabiano Anemone Vendor Homepage: https://www.apple.com/ Version: iOS 11.4.1 / MacOS 10.13.6 Tested on: iOS / MacOS CVE: Not assigned...
Webiness Inventory 2.9 - Arbitrary File Upload
Webiness Inventory 2.9 - Arbitrary File Upload Exploit Title: Webiness Inventory 2.9 - Arbitrary File Upload Date: 2018-10-27 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 3145728 61 continue; 62 63 64 /...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 - Directory Traversal Exploit: Argus Surveillance DVR 4.0.0.0 - Directory Traversal Author: John Page aka hyp3rlinx Date: 2018-08-28 Vendor: www.argussurveillance.com Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Description: Argus...
Electron WebPreferences - Remote Code Execution
Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Remote Root Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160...
CyberArk 10 - Memory Disclosure
CyberArk 10 - Memory Disclosure Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012,...
Online Store System CMS 1.0 - SQL Injection
Online Store System CMS 1.0 - SQL Injection Exploit Title: Online Store System CMS 1.0 - SQL Injection Dork: N/A Date: 2018-05-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/online-store-system-in-php-and-mysql/3 Version:...
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow
RSVG 2.40.13 2.42.2 - .svg Buffer Overflow Exploit Title: Buffer-overflow in RSVG while converting a malformed svg Date: 17 April 2018 Exploit Author: Hamm3r.py Vendor Homepage: https://launchpad.net/ubuntu/xenial/+package/librsvg2-bin Software Link:...
Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass
Sophos Endpoint Protection 10.7 - Tamper-Protection Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SOPHOS-ENDPOINT-PROTECTION-v10.7-TAMPER-PROTECTION-BYPASS-CVE-2018-4863.txt + ISR: Apparition Security Vendor:...
Asterisk chan_pjsip 15.2.0 - SDP fmtp Denial of Service
Asterisk chanpjsip 15.2.0 - SDP fmtp Denial of Service ''' Segmentation fault occurs in asterisk with an invalid SDP fmtp attribute - Authors: - Alfred Farrugia - Sandro Gauci - Latest vulnerable version: Asterisk 15.2.0 running chanpjsip - References: AST-2018-003 - Enable Security Advisory: -...
Armadito Antivirus 0.12.7.2 - Detection Bypass
Armadito Antivirus 0.12.7.2 - Detection Bypass / Title: Armadito Antivirus - Malware Detection Bypass Date: 21/02/2018 Author: Souhail Hammou Author's website: http://rce4fun.blogspot.com Vendor Homepage: http://www.teclib-edition.com/en/ Version: 0.12.7.2 CVE: CVE-2018-7289 Details: -------- An...
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Exploit Title: Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.christianwebministries.org/ Software Link:...
Joomla Component ccNewsletter 2.x.x id - SQL Injection
Joomla Component ccNewsletter 2.x.x id - SQL Injection Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.chillcreations.com/ Software Link: https://extensions.joomla.org/extension/ccnewsletter/ Version: 2.x Stable...
Netis WF2419 Router - Cross-Site Scripting
Netis WF2419 Router - Cross-Site Scripting Exploit Title: Netis-WF2419 HTML Injection Date: 20/01/2018 Exploit Author: Sajibe Kanti Author Contact :https://twitter.com/@sajibekantibd Vendor Homepage: http://www.netis-systems.com/ Version: Netis-WF2419 , V3.2.41381 Tested on: Windows 10 CEV :...
Shopware 5.2.55.3 - Cross-Site Scripting
Shopware 5.2.55.3 - Cross-Site Scripting Document Title: =============== Shopware 5.2.5 & v5.3 - Multiple Cross Site Scripting Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1922 Shopware Security Tracking ID: SW-19834 Security Updat...
Ichano AtHome IP Cameras - Multiple Vulnerabilities
Ichano AtHome IP Cameras - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three 3 vulnerabilities found in Ichano IP Cameras. AtHome Camera is “a remote video surveillance app which turns your personal computer, smart TV/set-top box, smart phone, and tablet into...
PHP Multivendor Ecommerce 1.0 - sid searchcat chid1 SQL Injection
PHP Multivendor Ecommerce 1.0 - sid searchcat chid1 SQL Injection Exploit Title: PHP Multivendor Ecommerce 1.0 - SQL Injection Dork: N/A Date: 09.12.2017 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/php-multivendor-ecommerce/ Version: 1.0...
WordPress Plugin WPGYM - SQL Injection
WordPress Plugin WPGYM - SQL Injection Exploit Title: WPGYM - Wordpress Gym Management System - SQL Injection Dork: N/A Date: 26.09.2017 Vendor Homepage: http://mojoomla.com/ Software Link: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964 Demo:...
FLIR Thermal Camera FFCPTD - SSH Backdoor Access
FLIR Thermal Camera FFCPTD - SSH Backdoor Access FLIR Systems FLIR Thermal Camera F/FC/PT/D Hard-Coded SSH Credentials Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA, 1.3.3 GA...
Mako Web Server 2.5 - Multiple Vulnerabilities
Mako Web Server 2.5 - Multiple Vulnerabilities + SSD Beyond Security: https://blogs.securiteam.com/index.php/archives/3391 + Credits: John Page a.k.a hyp3rlinx + Website: hyp3rlinx.altervista.org + Source:...
Invoice Manager 3.1 - Cross-Site Request Forgery (Add Admin)
Invoice Manager 3.1 - Cross-Site Request Forgery Add Admin ======================================================== Invoice Manager v3.1 Cross site request forgery Add Admin Description : Invoice Manager v3.1 is vulnerable to CSRF attack No CSRF token in place which if an admin user can be tricke...
Nitro Pro PDF - Multiple Vulnerabilities
Nitro Pro PDF - Multiple Vulnerabilities Vulnerabilities Summary The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF. Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you chan...
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution
eVestigator Forensic PenTester - Man In The Middle Remote Code Execution Exploit Title: eVestigator Forensic PenTester v1 - Remote Code Execution via MITM Date: 30/Jun/17 Exploit Author: MaXe Vendor Homepage: https://play.google.com/store/apps/details?id=penetrationtest.eVestigator.com Software...