logrotten 3.15.1 - Privilege Escalation
logrotten 3.15.1 - Privilege Escalation Exploit Title: logrotten 3.15.1 - Privilege Escalation Date: 2019-10-04 Exploit Author: Wolfgang Hotwagner Vendor Homepage: https://github.com/logrotate/logrotate Software Link: https://github.com/logrotate/logrotate/releases/tag/3.15.1 Version: all version...
GoAhead 2.5.0 - Host Header Injection
GoAhead 2.5.0 - Host Header Injection Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Discovered Date: 05/07/2019 Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in...
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts Microsoft DirectWrite is a modern Windows API for high-quality text rendering. A majority of its code resides in the DWrite.dll user-mode library. It is used by a variety of widely used desktop programs such as the...
Webmin 1.920 - Remote Code Execution
Webmin 1.920 - Remote Code Execution !/bin/sh CVE-2019-15107 Webmin Unauthenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html...
SilverSHielD 6.x - Local Privilege Escalation
SilverSHielD 6.x - Local Privilege Escalation This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit Title: extenua SilverSHielD 6.x local privilege escalation Google Dork: na Date: 31 Jul 2019 Exploit Author: Ian...
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting
WordPress Theme Real Estate 2.8.9 - Cross-Site Scripting Exploit Title: Real Estate 7 - Real Estate WordPress Theme v2.8.9 Persistent XSS Injection Google Dork: inurl:"/wp-content/themes/realestate-7/" Date: 2019/07/20 Author: m0ze Vendor Homepage: https://contempothemes.com Software Link:...
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access
Mozilla Spidermonkey - Unboxed Objects Uninitialized Memory Access / For constructors, Spidermonkey implements a "definite property analysis" 1 to compute which properties will definitely exist on the constructed objects. Spidermonkey then directly allocates the constructed objects with the final...
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0...
SeedDMS versions 5.1.11 - Remote Command Execution
SeedDMS versions 5.1.11 - Remote Command Execution Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now...
Microsoft Windows (x84x64) - Error Reporting Discretionary Access Control List Local Privilege Escalation
Microsoft Windows x84x64 - Error Reporting Discretionary Access Control List Local Privilege Escalation EDIT: Apparently this was patched earlier this month.. so whatever. Windows Error Reporting Arbitrary DACL write It can take upwards of 15 minutes for the bug to trigger. If it takes too long,...
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
74CMS 5.0.1 - Cross-Site Request Forgery Add New Admin User Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE :...
PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)
PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Exploit Title: PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 10-03-2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://github.com/piluscart Software Link:...
Anyburn 4.3 x86 - Copy disc to image file Buffer Overflow (Unicode) (SEH)
Anyburn 4.3 x86 - Copy disc to image file Buffer Overflow Unicode SEH !/usr/bin/python Exploit Title: Anyburn 4.3 - 'Copy disc to image file' Buffer Overflow - UNICODESEH Version: 4.3 Date: 07-03-2019 Author: Hodorsec [email protected] / [email protected] Vendor Homepage:...
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution Persistent Backdoor Custom Binary !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...
Master IP CAM 01 3.3.4.2103 - Remote Command Execution
Master IP CAM 01 3.3.4.2103 - Remote Command Execution Exploit Title: Master IP CAM 01 Remote Command Execution Date: 09-02-2019 Remote: Yes Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CVE: CVE-2019-8387 import sys import reques...
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
River Past Audio Converter 7.7.16 - Buffer Overflow SEH Exploit Title: RiverPastAudioConverter - Buffer Overflow SEH Date: 06.02.2019 Vendor Homepage: www.riverpast.com Software Link: https://en.softonic.com/download/river-past-audio-converter/windows/post-download?sl=3D1 Exploit Author: Matteo...
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows I was looking into the root cause of https://bugs.chromium.org/p/chromium/issues/detail?id=850350. In that bug, due to precision errors, Skia generated a concave RRect, but declared it convex. Later, the RRect was transformed with...
Pydio AjaXplorer 5.0.4 - (Unauthenticated) Arbitrary File Upload
Pydio AjaXplorer 5.0.4 - Unauthenticated Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 5.0.3 – 3.3.5 Date: 01/18/2019 Exploit Author: @jazz Vendor Homepage: https://pydio.com/ Software Link:...
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation / Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version -...
Across DR-810 ROM-0 - Backup File Disclosure
Across DR-810 ROM-0 - Backup File Disclosure Exploit Title: Across DR-810 ROM-0 Backup - File DisclosureSensitive Information Date: 2019-01-11 Exploit Author: SajjadBnd My Email: [email protected] Vendor Homepage: http://www.ac.i8i.ir/ Version: DR-810 Tested on: DR-810 RomPager/4.07 UPnP/1.0 +...
GNU inetutils 1.9.4 - telnet.c Multiple Overflows (PoC)
GNU inetutils 1.9.4 - telnet.c Multiple Overflows PoC GNU inetutils = 1.9.4 telnet.c multiple overflows ================================================== GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escap...
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...
School Attendance Monitoring System 1.0 - Arbitrary File Upload
School Attendance Monitoring System 1.0 - Arbitrary File Upload Exploit Title: School Attendance Monitoring System 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream...
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion
WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Exploit Title: WordPress Plugin Wechat Broadcast 1.2.0 - Local File Inclusion Author: Manuel Garcia Cardenas Date: 2018-09-19 Software link: https://es.wordpress.org/plugins/wechat-broadcast/ CVE: CVE-2018-16283 Description This bug w...
mooSocial Store Plugin 2.6 - SQL Injection
mooSocial Store Plugin 2.6 - SQL Injection Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL:...
TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Title: TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Author: Aniket Dinda Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q...
PolarisOffice 2017 8 - Remote Code Execution
PolarisOffice 2017 8 - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/POLARISOFFICE-2017-v8-REMOTE-CODE-EXECUTION.txt + ISR: Apparition Security Vendor: ============= www.polarisoffice.com Product:...
School Management System CMS 1.0 - username SQL Injection
School Management System CMS 1.0 - username SQL Injection Exploit Title: School Management System CMS 1.0 - Admin Login SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family...
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free Pwn2Own 2017 PoC char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char...
Barco ClickShare CSE-200 - Remote Denial of Service
Barco ClickShare CSE-200 - Remote Denial of Service !/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT...
Microsoft Windows Remote Assistance - XML External Entity Injection
Microsoft Windows Remote Assistance - XML External Entity Injection Exploit Title: Microsoft Windows Remote Assistance XXE Date: 27/03/2018 Exploit Author: Nabeel Ahmed Tested on: Windows 7 x64, Windows 10 x64 CVE : CVE-2018-0878 Category: Remote Exploits Invitation.msrcincident...
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow SWAMI KARUPASAMI THUNAI Exploit Title: Allok Video Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions...
Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow
Kamailio 5.1.1 5.1.0 5.0.0 - Off-by-One Heap Overflow ''' Off-by-one heap overflow in Kamailio - Authors: - Alfred Farrugia - Sandro Gauci - Fixed versions: Kamailio v5.1.2, v5.0.6 and v4.4.7 - References: no CVE assigned yet - Enable Security Advisory: - Tested vulnerable versions: 5.1.1, 5.1.0,...
TextPattern 4.6.2 - qty SQL Injection
TextPattern 4.6.2 - qty SQL Injection ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
Sophos UTM 9.410 - loginuser confd Service Privilege Escalation
Sophos UTM 9.410 - loginuser confd Service Privilege Escalation KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL:...
Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record
Papenmeier WiFi Baby Monitor Free Lite 2.02.2 - Remote Audio Record Whilst analysing a number of free communication based applications on the Google Play Store, I took a look at WiFi Baby Monitor: Free & Lite the free version of WiFi Baby Monitor. Although the premium version offered users the...
GNU binutils 2.26.1 - Integer Overflow (PoC)
GNU binutils 2.26.1 - Integer Overflow PoC Exploit Title: Objdump - Integer Overflow Crash POC Date: 12.02.2018 Exploit Author: r4xis Tested Version: 2.26.1 Vuln Version: \nint mainprintf"HelloWorld!\n"; return 0;" f = open"helloWorld.c", 'w' f.writehello f.close os.system"gcc -c helloWorld.c -o...
Real Estate Custom Script - route SQL Injection
Real Estate Custom Script - route SQL Injection Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on:...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - dlp_policy_upload.cgi Remote Code Execution
Trend Micro Threat Discovery Appliance 2.6.1062r1 - dlppolicyupload.cgi Remote Code Execution !/usr/local/bin/python """ Trend Micro Threat Discovery Appliance /opt/TrendMicro/MinorityReport/bin/ Then, all we do is create /engptnstores/prod/sensorSDK/data/si/dlpkill.sh with malicious code and get...
Nexpose 6.4.66 - Cross-Site Request Forgery
Nexpose 6.4.66 - Cross-Site Request Forgery Exploit Title: Cross Site Request Forgery at Nexpose Automated Actions Release Date: 2017-12-13 Exploit Author: Shwetabh Vishnoi Link: https://www.linkedin.com/in/shwetabhvishnoi Vendor Homepage: https://www.rapid7.com/ Software Link:...
RISE 1.9 - search SQL Injection
RISE 1.9 - search SQL Injection Exploit Title: RISE Ultimate Project Manager 1.9 - SQL Injection Exploit Author: Ahmad Mahfouz Contact: http://twitter.com/eln1x Date: 30/12/2017 CVE: CVE-2017-17999 Vendor Homepage: http://fairsketch.com/ Version: 1.9 POST...
WebKit - WebCore::RenderText::localCaretRect Out-of-Bounds Read
WebKit - WebCore::RenderText::localCaretRect Out-of-Bounds Read / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1348 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC:...
QNAP HelpDesk 1.1.12 - SQL Injection
QNAP HelpDesk 1.1.12 - SQL Injection Vulnerability Summary The following advisory describes a SQL injection found in QTS Helpdesk versions 1.1.12 and earlier. QNAP helpdesk: “Starting from QTS 4.2.2 you can use the built-in Helpdesk app to directly submit help requests to QNAP from your NAS. To d...
ClipBucket 2.8.3 - Multiple Vulnerabilities
ClipBucket 2.8.3 - Multiple Vulnerabilities @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Google Dorks .:. "Forged by ClipBucket" inurl:viewcollection.php?cid= .:. Date: August 15, 2017 .:...
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation (MS17-017)
Microsoft Windows 7 SP1 x86 - GDI Palette Objects Local Privilege Escalation MS17-017 E-DB Note: + Source: https://github.com/sensepost/gdi-palettes-exp + Binary: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/42432.exe include include include include //From...
GLPI 0.90.4 - SQL Injection
GLPI 0.90.4 - SQL Injection Exploit Title: Multiple SQL injection vulnerabilities in GLPI 0.90.4 Date: 2016/09/09 Exploit Author: Eric CARTER in/ericcarterengineer - CS c-s.fr Vendor Homepage: http://glpi-project.org Software Link: http://glpi-project.org/spip.php?article3 Version: 0.90.4 Tested...
Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap Memory Corruption
Microsoft Windows - USP10!MergeLigRecords Uniscribe Font Processing Heap Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1198 We have encountered a crash in the Windows Uniscribe user-mode library, in the memmove function called by USP10!MergeLigRecords, while...