41207 matches found
Linux Kernel 2.02.1 (Digital UNIX 4.0 D FreeBSD 2.2.4 HP HP-UX 10.2011.0 IBM AIX 3.2.5 NetBSD 1.2 Solaris 2.5.1) - Smurf Denial of Service
Linux Kernel 2.02.1 Digital UNIX 4.0 D FreeBSD 2.2.4 HP HP-UX 10.2011.0 IBM AIX 3.2.5 NetBSD 1.2 Solaris 2.5.1 - Smurf Denial of Service / source: https://www.securityfocus.com/bid/147/info The "Smurf" denial of service exploits the existence, and forwarding of, packets sent to IP broadcast...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...
FreeSWITCH 1.10.1 - Command Execution
FreeSWITCH 1.10.1 - Command Execution Exploit Title: FreeSWITCH 1.10.1 - Command Execution Date: 2019-12-19 Exploit Author: 1F98D Vendor Homepage: https://freeswitch.com/ Software Link: https://files.freeswitch.org/windows/installer/x64/FreeSWITCH-1.10.1-Release-x64.msi Version: 1.10.1 Tested on:...
Cisco WLC 2504 8.9 - Denial of Service (PoC)
Cisco WLC 2504 8.9 - Denial of Service PoC Exploit Title: Cisco WLC 2504 8.9 - Denial of Service PoC Google Dork: N/A Date: 2019-11-25 Exploit Author: SecuNinja Vendor Homepage: cisco.com Software Link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191106-wlc-do...
Ubuntu 19.10 - ubuntu-aufs-modified mmap_region() Breaks Refcounting in overlayfsshiftfs Error Path
Ubuntu 19.10 - ubuntu-aufs-modified mmapregion Breaks Refcounting in overlayfsshiftfs Error Path Tested on 19.10. Ubuntu's aufs kernel patch includes the following change which I interestingly can't see in the AUFS code at https://github.com/sfjro/aufs5-linux/blob/master/mm/mmap.c:...
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Google Dork: N/A Date: 2019-11-15 Exploit Author: Kevin Randall Vendor Homepage: https://www.lexmark.com/enus.html Software Link:...
TemaTres 3.0 - value Persistent Cross-site Scripting
TemaTres 3.0 - value Persistent Cross-site Scripting Exploit Title: TemaTres 3.0 - 'value' Persistent Cross-site Scripting Author: Pablo Santiago Date: 2019-11-14 Vendor Homepage: https://www.vocabularyserver.com/ Source:...
Emerson PAC Machine Edition 9.70 Build 8595 - FxControlRuntime Unquoted Service Path
Emerson PAC Machine Edition 9.70 Build 8595 - FxControlRuntime Unquoted Service Path Exploit Title: Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path Discovery by: Luis Martinez Discovery Date: 2019-11-17 Vendor Homepage: https://www.emerson.com/en-us Software...
TP-Link TL-WR1043ND 2 - Authentication Bypass
TP-Link TL-WR1043ND 2 - Authentication Bypass Exploit Title: TP-Link TL-WR1043ND 2 - Authentication Bypass Date: 2019-06-20 Exploit Author: Uriel Kosayev Vendor Homepage: https://www.tp-link.com Version: TL-WR1043ND V2 Tested on: TL-WR1043ND V2 CVE : CVE-2019-6971 CVE Link:...
Foscam Video Management System 1.1.6.6 - UID Denial of Service (PoC)
Foscam Video Management System 1.1.6.6 - UID Denial of Service PoC Exploit Title: Foscam Video Management System 1.1.6.6 - 'UID' Denial of Service PoC Author: Alessandro Magnosi Date: 2019-10-09 Vendor Homepage: https://www.foscam.com/ Software Link :...
SQLiteManager 1.2.0 1.2.4 - Blind SQL Injection
SQLiteManager 1.2.0 1.2.4 - Blind SQL Injection !-- Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2....
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload
osTicket 1.12 - Persistent Cross-Site Scripting via File Upload Exploit Title: osTicket-v1.12 Stored XSS via File Upload Vendor Homepage: https://osticket.com/ Software Link: https://osticket.com/download/ Exploit Author: Aishwarya Iyer Contact: https://twitter.com/aish9524 Website:...
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET is...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Produ...
WordPress Plugin Form Maker 1.13.3 - SQL Injection
WordPress Plugin Form Maker 1.13.3 - SQL Injection -- coding: utf-8 -- Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection Date: 22-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://10web.io/plugins/ Software Link:...
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free
Visual Voicemail for iPhone - IMAP NAMESPACE Processing Use-After-Free Visual Voicemail VVM is a feature of mobile devices that allows voicemail to be read in an email-like format. Carriers set up a Visual Voicemail server that supports IMAP, and the device queries this server for new email. Visu...
Nagios XI 5.6.1 - SQL injection
Nagios XI 5.6.1 - SQL injection Exploit Title: Nagiosxi username sql injection Date: 22/05/2019 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.nagios.com Software Link: https://www.nagios.com/products/nagios-xi/ Version: xi-5.6.1 Tested on: MacOSX CVE:...
Interspire Email Marketer 6.20 - surveys_submit.php Remote Code Execution
Interspire Email Marketer 6.20 - surveyssubmit.php Remote Code Execution Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6....
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
LG Supersign EZ CMS - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Spring Cloud Config 2.1.x - Path Traversal Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an...
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Incorrect Access Control Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-incorrect-access-control/...
Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow
Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None...
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
pfSense 2.4.4-p1 HAProxy Package 0.5914 - Persistent Cross-Site Scripting Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.5914 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.5914 Software Link: N...
MarcomCentral FusionPro VDP Creator 10.0 - Directory Traversal
MarcomCentral FusionPro VDP Creator 10.0 - Directory Traversal !/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Arbitrary File Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 Arbitrary File Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support for a mor...
ResourceSpace 8.6 - collection_edit.php SQL Injection
ResourceSpace 8.6 - collectionedit.php SQL Injection Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=&copy=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an...
ASANSUID - Local Privilege Escalation
ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...
Apache Superset 0.23 - Remote Code Execution
Apache Superset 0.23 - Remote Code Execution Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' +...
Webiness Inventory 2.9 - Arbitrary File Upload
Webiness Inventory 2.9 - Arbitrary File Upload Exploit Title: Webiness Inventory 2.9 - Arbitrary File Upload Date: 2018-10-27 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Software Link: https://github.com/webiness/webinessinventory Version: 2.9 3145728 61 continue; 62 63 64 /...
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe...
D-Link Routers - Command Injection
D-Link Routers - Command Injection Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Date: 2018-09-30 Vendor Homepage: www.phoenixcontact.com Software Link:...
WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) template_id SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - Authenticated templateid SQL Injection Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Date: 2018-08-23 Exploit Author: Renos Nikolaou Software Link:...
Microsoft DirectX SDK - Xact.exe Remote Code Execution
Microsoft DirectX SDK - Xact.exe Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DIRECTX-SDK-XACT.EXE-TROJAN-FILE-CODE-EXECUTION.txt + ISR: Apparition Security Greetz: indoushka | Eduardo...
Microsoft Windows - dnslint.exe Drive-By Download
Microsoft Windows - dnslint.exe Drive-By Download + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DNSLINT.EXE-FORCED-DRIVE-BY-DOWNLOAD.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor...
VelotiSmart WiFi B-380 Camera - Directory Traversal
VelotiSmart WiFi B-380 Camera - Directory Traversal Title: Vulnerability in VelotiSmart Wifi - Directory Traversal Date: 12-07-2018 Scope: Directory Traversal Platforms: Unix Author: Miguel Mendez Z Vendor: VelotiSmart Version: B380 CVE: CVE-2018-14064 Vulnerability description...
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
DIGISOL DG-BR4000NG - Buffer Overflow PoC Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Catego...
Siaberry 1.2.2 - Command Injection
Siaberry 1.2.2 - Command Injection Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage...
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link:...
EMC RecoverPoint 4.3 - Admin CLI Command Injection
EMC RecoverPoint 4.3 - Admin CLI Command Injection Exploit Title: EMC RecoverPoint 4.3 - Admin CLI Command Injection Version: RecoverPoint prior to 5.1.1 RecoverPoint for VMs prior to 5.0.1.3 Date: 2018-05-11 Exploit Author: Paul Taylor Github: https://github.com/bao7uo Tested on: RecoverPoint fo...
CSP MySQL User Manager 2.3.1 - Authentication Bypass
CSP MySQL User Manager 2.3.1 - Authentication Bypass Exploit Title: CSP MySQL User Manager 2.3.1 - Authentication Bypass Date: 2018-05-04 Exploit Author: Youssef mami Vendor Homepage: https://code.google.com/archive/p/cspmum/ Software Link:...
Open-AudIT 2.1 - CSV Macro Injection
Open-AudIT 2.1 - CSV Macro Injection Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link:...
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting
Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Exploit Title: Joomla! Component jDownloads 3.2.58 - Cross Site Scripting Google Dork: N/A Date: 14-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.jdownloads.com/ Software Link:...
WUZHI CMS 4.1.0 - Cross-Site Request Forgery (Add User)
WUZHI CMS 4.1.0 - Cross-Site Request Forgery Add User Exploit Title: WUZHI CMS 4.1.0 CSRF vulnerability add user account Date: 2018-04-10 Exploit Author: taoge Vendor Homepage: https://github.com/wuzhicms/wuzhicms Software Link: https://github.com/wuzhicms/wuzhicms Version: 4.1.0 CVE :...
DualDesk 20 - Proxy.exe Denial of Service
DualDesk 20 - Proxy.exe Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DUALDESK-v20-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: =============== www.dualdesk.com Product: =========== DualDes...
Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record
Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite the free version of WiFi Baby Monitor. Although the premium version offered users the...
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload
Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Exploit Title: Joomla! Component Proclaim 9.1.1 - Arbitrary File Upload Dork: N/A Date: 22.02.2018 Vendor Homepage: https://www.christianwebministries.org/ Software Link:...
LogicalDOC Enterprise 7.7.4 - User Enumeration
LogicalDOC Enterprise 7.7.4 - User Enumeration LogicalDOC Enterprise 7.7.4 Username Enumeration Weakness Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free document management...
Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access
Geovision Inc. IP CameraVideoAccess Control - Multiple Remote Command Execution Stack Overflow Double Free Unauthorized Access STX Subject: Geovision Inc. IP Camera/Video/Access Control Multiple Remote Command Execution - Multiple Stack Overflow - Double free - Unauthorized Access Attack vector:...