Ecommerce Systempay 1.0 - Production KEY Brute Force

Ecommerce Systempay 1.0 - Production KEY Brute Force Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force Author: live3 Date: 2020-02-05 Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ Test...

Trend Micro Maximum Security 2019 - Arbitrary Code Execution

Trend Micro Maximum Security 2019 - Arbitrary Code Execution Exploit Title: Trend Micro Maximum Security 2019 - Arbitrary Code Execution Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security...

Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation

Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation Exploit Title: Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation Date: 2019-12-18 Exploit Author: Vulnerability-Lab Vendor Homepage:...

Bullwark Momentum Series JAWS 1.0 - Directory Traversal

Bullwark Momentum Series JAWS 1.0 - Directory Traversal Title: Bullwark Momentum Series JAWS 1.0 - Directory Traversal Date: 2019-12-11 Author: Numan Türle Vendor Homepage: http://www.bullwark.net/ Version : Bullwark Momentum Series Web Server JAWS/1.0 Software Link :...

Product Key Explorer 4.2.0.0 - Key Denial of Service (PoC)

Product Key Explorer 4.2.0.0 - Key Denial of Service PoC Exploit Title: Product Key Explorer 4.2.0.0 - 'Key' Denial of Service POC Discovery by: SajjadBnd Date: 2019-12-10 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/productkeyexplorersetup.exe Teste...

CBAS-Web 19.0.0 - id Boolean-based Blind SQL Injection

CBAS-Web 19.0.0 - id Boolean-based Blind SQL Injection Exploit Title: CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection Google Dork: NA Date: 2019-11-11 Exploit Author: LiquidWorm Vendor Homepage: https://www.computrols.com/capabilities-cbas-web/ Software Link:...

Prima FlexAir Access Control 2.3.38 - Remote Code Execution

Prima FlexAir Access Control 2.3.38 - Remote Code Execution Exploit Title: Prima FlexAir Access Control 2.3.38 - Remote Code Execution Google Dork: NA Date: 2018-09-06 Exploit Author: LiquidWorm Vendor Homepage: https://www.primasystems.eu/ Software Link:...

Alps HID Monitor Service 8.1.0.10 - ApHidMonitorService Unquote Service Path

Alps HID Monitor Service 8.1.0.10 - ApHidMonitorService Unquote Service Path Exploit Title: Alps HID Monitor Service 8.1.0.10 - 'ApHidMonitorService' Unquote Service Path Date: 2019-11-07 Exploit Author: Héctor Gabriel Chimecatl Hernández Vendor Homepage: https://www.alps.com/e/ Software Link:...

Bolt CMS 3.6.10 - Cross-Site Request Forgery

Bolt CMS 3.6.10 - Cross-Site Request Forgery Exploit Title: Bolt CMS 3.6.10 - Cross-Site Request Forgery Date: 2019-10-15 Exploit Author: r3m0t3nu11Zero-Way Vendor Homepage: https://bolt.cm/ Software Link: https://bolt.cm/ Version: up to date and 6.5 Tested on: Linux CVE : CVE-2019-1759 last...

WordPress Arforms 3.7.1 - Directory Traversal

WordPress Arforms 3.7.1 - Directory Traversal Exploit Title: WordPress Arforms 3.7.1 - Directory Traversal Date: 2019-09-27 Exploit Author: Ahmad Almorabea Updated version of the exploit can be found always at : http://almorabea.net/cve-2019-16902.txt Software Link:...

DotNetNuke 9.4.0 - Cross-Site Scripting

DotNetNuke 9.4.0 - Cross-Site Scripting Exploit Title: Stored Cross-Site Scripting in DotNetNuke DNN Version before 9.4.0 Exploit Description : This exploit will add a superuser to target DNN website. Exploit Condition : Successful exploitation occurs when an admin user visits a notification page...

Gila CMS 1.11.1 - Local File Inclusion

Gila CMS 1.11.1 - Local File Inclusion Exploit Title: Authenticated Local File InclusionLFI in GilaCMS Google Dork: N/A Date: 04-08-2019 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://github.com/GilaCMS/gila Software Link: https://github.com/GilaCMS/gila Version: 1.10.9 Tested on: XAMP...

Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation

Microsoft Windows 7 build 7601 x86 - Local Privilege Escalation include include / EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47176.zip / / PREPROCESSOR DEFINITIONS / define MNSELECTITEM 0x1E5 define MNSELECTFIRSTVALIDITEM 0x1E7 define...

REDCap 9.1.2 - Cross-Site Scripting

REDCap 9.1.2 - Cross-Site Scripting Exploit Title: REDCap - Details: Since it is an onkeypress event, it is triggered whenever the user touch any key and since the XSS payload is stored in the project name it appears in several pages. - Privileges: It requires admin privileges to store it. -...

DameWare Remote Support 12.0.0.509 - Host Buffer Overflow (SEH)

DameWare Remote Support 12.0.0.509 - Host Buffer Overflow SEH !/usr/bin/env python Author: Xavi Beltran Date: 11/07/2019 Description: SEH based Buffer Overflow DameWare Remote Support V. 12.0.0.509 CVE-2018-12897 Contact: [email protected] Webpage: https://xavibel.com Tested on: Windows ...

SNMPc Enterprise Edition 910 - Mapping Filename Buffer Overflow

SNMPc Enterprise Edition 910 - Mapping Filename Buffer Overflow !/usr/bin/python -- coding: utf-8 -- -------------------------------------------------------------------- Exploit: SNMPc Enterprise Edition 9 & 10 Mapping File Name BOF Date: 11 July 2019 Exploit Author: @xerubus | mogozobo.com Vendo...

Centreon 19.04 - Remote Code Execution

Centreon 19.04 - Remote Code Execution !/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link: https://download.centreon.com Versio...

Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting

Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...

Qualcomm Android - Kernel Use-After-Free via Incorrect set_page_dirty() in KGSL

Qualcomm Android - Kernel Use-After-Free via Incorrect setpagedirty in KGSL The following issue exists in the android-msm-wahoo-4.4-pie branch of https://android.googlesource.com/kernel/msm and possibly others: When kgslmementrydestroy in drivers/gpu/msm/kgsl.c is called for a writable entry with...

RICOH SP 4510DN Printer - HTML Injection

RICOH SP 4510DN Printer - HTML Injection Exploit Title: RICOH SP 4510DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.htm...

LG Supersign EZ CMS - Remote Code Execution (Metasploit)

LG Supersign EZ CMS - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs...

Intelbras IWR 3000N - Denial of Service (Remote Reboot)

Intelbras IWR 3000N - Denial of Service Remote Reboot /bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a denial ...

ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution (Metasploit)

ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module...

Job Portal 3.1 - job_submit SQL Injection

Job Portal 3.1 - jobsubmit SQL Injection =========================================================================================== Exploit Title: NewJobPortal v3.1 - 'jobsubmit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation

VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...

Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow

Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None...

MarcomCentral FusionPro VDP Creator 10.0 - Directory Traversal

MarcomCentral FusionPro VDP Creator 10.0 - Directory Traversal !/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By...

BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure

BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support...

Nessus 8.2.1 - Cross-Site Scripting

Nessus 8.2.1 - Cross-Site Scripting Exploit Title: Nessus 8.2.1 | Stored Cross-Site Scripting Date: 29.01.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.tenable.com Software Link: https://www.tenable.com/downloads/nessus Version: 8.2.1 Introduction Nessus is 1 For Vulnerability...

Advanced Host Monitor 11.90 Beta - Registration number Denial of Service (PoC)

Advanced Host Monitor 11.90 Beta - Registration number Denial of Service PoC Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-30 Vendor Homepage: https://www.ks-soft.net Software Link :...

Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution

Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...

Musicco 2.0.0 - Arbitrary Directory Download

Musicco 2.0.0 - Arbitrary Directory Download Exploit Title: Musicco 2.0.0 - Arbitrary Directory Download Dork: N/A Date: 2018-11-09 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.musicco.app/ Software Link: https://codeload.github.com/micser/musicco/zip/master Version: 2.0.0 Category:...

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)

TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Date: 2018-11-07 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com...

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution

ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Date: 2018-10-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...

Phoenix Contact WebVisit 6.40.00 - Password Disclosure

Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Date: 2018-09-30 Vendor Homepage: www.phoenixcontact.com Software Link:...

iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection

iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 – XML External Entity Injection Google Dork: N/A Date: 2018-09-27 Exploit Author: Sureshbabu Narvaneni Author Blog : https://nullnews.in Vendor...

WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free

WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try...

XAMPP Control Panel 3.2.2 - Denial of Service (PoC)

XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...

Vox TG790 ADSL Router - Cross-Site Scripting

Vox TG790 ADSL Router - Cross-Site Scripting Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user iunput management low privilege users are ab...

WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData() Buffer Overflow (PoC)

WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData Buffer Overflow PoC Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link:...

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection

Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...

Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation

Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Windows: Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the...

Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption

Linux Kernel 4.16.11 - ext4readinlinedata Memory Corruption ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the iblock field in...

CloudMe Sync 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)

CloudMe Sync 1.11.0 - Buffer Overflow SEH DEP Bypass Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflo...

2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service

2345 Security Guard 3.7 - 2345BdPcSafe.sys Denial of Service Exploit Title: BSOD by IOCTL 0x002220e0 in 2345BdPcSafe.sys of 2345 Security Guard 3.7 Date: 20180509 Exploit Author: anhkgg Vendor Homepage: http://safe.2345.cc/ Software Link: http://dl.2345.cc/2345pcsafe/2345pcsafev3.7.0.9345.exe...

VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)

VMware Workstation 12.5.2 - Drag n Drop Use-After-Free Pwn2Own 2017 PoC char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char...

DLink DIR-601 - Admin Password Disclosure

DLink DIR-601 - Admin Password Disclosure Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Google Dork: N/A Date: 12/24/2017 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windo...

Easy Avi Divx Xvid to DVD Burner 2.9.11 - .avi Denial of Service

Easy Avi Divx Xvid to DVD Burner 2.9.11 - .avi Denial of Service !/usr/bin/python Exploit Title : Easy Avi Divx Xvid to DVD Burner v2.9.11 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage :...

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation

Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...

WebLog Expert Enterprise 9.4 - Denial of Service

WebLog Expert Enterprise 9.4 - Denial of Service + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WEBLOG-EXPERT-WEB-SERVER-ENTERPRISE-v9.4-DENIAL-OF-SERVICE.txt + ISR: Apparition Security Vendor: ======= www.weblogexpert.c...