41207 matches found
Microsoft Compiled HTML Help Uncompiled .chm File - XML External Entity Injection
Microsoft Compiled HTML Help Uncompiled .chm File - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-HTML-HELP-UNCOMPILED-CHM-FILE-XML-EXTERNAL-ENTITY-INJECTION.txt + ISR:...
Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting
Zoho ManageEngine ServiceDesk Plus 9.3 - SiteLookup.do Cross-Site Scripting Exploit Title: Zoho ManageEngine ServiceDesk Plus 9.3 Cross-Site Scripting via SiteLookup.do Date: 2019-06-04 Exploit Author: Tarantula Team - VinCSS a member of Vingroup Vendor Homepage:...
Solaris 789 (SPARC) - dtprintinfo Local Privilege Escalation (2)
Solaris 789 SPARC - dtprintinfo Local Privilege Escalation 2 / raptordtprintnamesparc2.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this...
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
LG Supersign EZ CMS - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs...
Pegasus CMS 1.0 - extra_fields.php Plugin Remote Code Execution
Pegasus CMS 1.0 - extrafields.php Plugin Remote Code Execution Exploit Title: Pegasus extrafields.php Plugin Remote Code Execution Date: 14 March 2019 Exploit Author: R3zk0n Vendor Homepage: https://www.wisdom.com.au/web/pegasus-cms Software Link: N/A Version: 1.0 Tested on: Linux CVE : N/A The...
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution Persistent Backdoor Custom Binary !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...
C4G Basic Laboratory Information System (BLIS) 3.4 - SQL Injection
C4G Basic Laboratory Information System BLIS 3.4 - SQL Injection Exploit Title: C4G Basic Laboratory Information System BLIS 3.4 - Multiples SQL Injection Date: 01/31/2019 Software Links/Project: https://github.com/C4G/BLIS | http://blis.cc.gatech.edu/index.php Version: C4G Basic Laboratory...
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure
BEWARD N100 H.264 VGA IP Camera M2.1.6 - RTSP Stream Disclosure BEWARD N100 H.264 VGA IP Camera M2.1.6 Unauthenticated RTSP Stream Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: M2.1.6.04C014 Summary: The N100 compact color IP camera with support...
macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
macOS 10.14.3 iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem / It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and...
Advanced Host Monitor 11.90 Beta - Registration number Denial of Service (PoC)
Advanced Host Monitor 11.90 Beta - Registration number Denial of Service PoC Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-30 Vendor Homepage: https://www.ks-soft.net Software Link :...
NTPsec 1.1.2 - config (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
NTPsec 1.1.2 - config Authenticated Out-of-Bounds Write Denial of Service PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Websit...
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Date: 12/31/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on...
Netatalk 3.1.12 - Authentication Bypass (PoC)
Netatalk 3.1.12 - Authentication Bypass PoC import socket import struct import sys if lensys.argv != 3: sys.exit0 ip = sys.argv1 port = intsys.argv2 sock = socket.socketsocket.AFINET, socket.SOCKSTREAM print "+ Attempting connection to " + ip + ":" + sys.argv2 sock.connectip, port dsipayload =...
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link:...
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Date: 2018-11-07 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com...
OpenSLP 2.0.0 - Multiple Vulnerabilities
OpenSLP 2.0.0 - Multiple Vulnerabilities / | | | / / | . | . | -| | -| | . | ||/ || |||||| | || || 2018-11-07 MORE BUGS IN OPENSLP-2.0.0 ========================== I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June...
School Equipment Monitoring System 1.0 - login SQL Injection
School Equipment Monitoring System 1.0 - login SQL Injection Exploit Title: School Equipment Monitoring System 1.0 - 'login' SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...
Delta Sql 1.8.2 - Arbitrary File Upload
Delta Sql 1.8.2 - Arbitrary File Upload Exploit Title: Delta Sql 1.8.2 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link:...
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 – XML External Entity Injection Google Dork: N/A Date: 2018-09-27 Exploit Author: Sureshbabu Narvaneni Author Blog : https://nullnews.in Vendor...
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try...
Vox TG790 ADSL Router - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user iunput management low privilege users are ab...
WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData() Buffer Overflow (PoC)
WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData Buffer Overflow PoC Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link:...
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External...
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
GetGo Download Manager 6.2.1.3200 - Denial of Service PoC Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow Denial of Service Date: 2018-07-25 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2017-17849 Tested On: Windows 7 x86, Windows 10 x64 Details The...
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla Component Ek Rishta 2.10 - SQL Injection Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...
Splunk 7.0.1 - Information Disclosure
Splunk 7.0.1 - Information Disclosure Exploit Title: Splunk 7.0.1 - Information Disclosure Date: 2018-05-23 Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED Tested on: Linux OS CVE : CVE-2018-11409 Splunk through 6.2.3 7.0.1 allows...
CloudMe Sync 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
CloudMe Sync 1.11.0 - Buffer Overflow SEH DEP Bypass Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflo...
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family...
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free Pwn2Own 2017 PoC char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char...
WampServer 3.1.2 - Cross-Site Request Forgery
WampServer 3.1.2 - Cross-Site Request Forgery Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hostsremotely Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.2 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec...
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link:...
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution
ACL Analytics 11.X - 13.0.0.579 - Arbitrary Code Execution Exploit Title: Arbitrary Code Execution Google Dork: N/A Date: 03-07-2018 Exploit Author: Clutchisback1 Vendor Homepage: https://www.acl.com Software Link: https://www.acl.com/products/acl-analytics/ Version: 11.x - 13.0.0.579 Tested on:...
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit
Xion 1.0.125 - .m3u Local SEH-Based Unicode Venetian Exploit !/usr/bin/perl Title: Xion 1.0.125 .m3u File Local SEH-based Unicode The “Venetian” Exploit Vulnerability Type: Execute Code, Overflow UTF-16LE buffer, Memory corruption Date: Feb 18, 2018 Author: James Anderson synthetic Original...
Joomla Component ccNewsletter 2.x.x id - SQL Injection
Joomla Component ccNewsletter 2.x.x id - SQL Injection Exploit Title: Joomla Component ccNewsletter 2.x.x 'id' - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://www.chillcreations.com/ Software Link: https://extensions.joomla.org/extension/ccnewsletter/ Version: 2.x Stable...
Trend Micro Threat Discovery Appliance 2.6.1062r1 - dlp_policy_upload.cgi Remote Code Execution
Trend Micro Threat Discovery Appliance 2.6.1062r1 - dlppolicyupload.cgi Remote Code Execution !/usr/local/bin/python """ Trend Micro Threat Discovery Appliance /opt/TrendMicro/MinorityReport/bin/ Then, all we do is create /engptnstores/prod/sensorSDK/data/si/dlpkill.sh with malicious code and get...
Oracle E-Business Suite 12.1.312.2.x - Open Redirect
Oracle E-Business Suite 12.1.312.2.x - Open Redirect Exploit Title: Oracle E-Business suite Open Redirect Google Dork: inurl:OAHTML/cabo/ Date: April 2017 Exploit Author: author Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Software Link: download li...
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection Exploit Title: Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
WebKit - WebCore::SVGPatternElement::collectPatternAttributes Out-of-Bounds Read
WebKit - WebCore::SVGPatternElement::collectPatternAttributes Out-of-Bounds Read / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1350 There is an out-of-bounds read security vulnerability in WebKit. The vulnerability was confirmed on ASan build of WebKit nightly. PoC:...
Shadowsocks - Log File Command Execution
Shadowsocks - Log File Command Execution X41 D-Sec GmbH Security Advisory: X41-2017-008 Multiple Vulnerabilities in Shadowsocks ======================================= Overview -------- Confirmed Affected Versions: Latest commit 2ab8c6b on Sep 6 Confirmed Patched Versions: N/A Vendor: Shadowsocks...
OpenText Documentum Content Server - Privilege Escalation
OpenText Documentum Content Server - Privilege Escalation !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to gain privileges of superuser: Content Server allows to upload content...
FLIR Thermal Camera FFCPTD - Information Disclosure
FLIR Thermal Camera FFCPTD - Information Disclosure FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures Vendor: FLIR Systems, Inc. Product web page: http://www.flir.com Affected version: Firmware version: 8.0.0.64 Software version: 10.0.2.43 Release: 1.4.1, 1.4, 1.3.4 GA,...
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection
Joomla! Component Huge-IT Portfolio Gallery Plugin 1.0.6 - SQL Injection Exploit Title Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin v1.0.6 Date: 2016-09-16 Exploit Author: Larry W. Cashdollar, @larry0 Vendor Homepage: http://huge-it.com/joomla-portfolio-gallery/ Software Link...
Microsoft Edge Chakra - Heap Buffer Overflow
Microsoft Edge Chakra - Heap Buffer Overflow IsCoroutine ... else InterpreterStackFrame::Setup setupfunction, args; sizet varAllocCount = setup.GetAllocationVarCount; //printf"varAllocCount: %d%X\r\n", varAllocCount, varAllocCount; sizet varSizeInBytes = varAllocCount sizeofVar; // // Allocate a...
WebKit - WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free
WebKit - WebCore::AccessibilityNodeObject::textUnderElement Use-After-Free function go li.hidden = true; dir.setAttribute"aria-labeledby", "map"; !-- ================================================================= ASan log: =================================================================...
Net Monitor for Employees Pro 5.3.4 - Unquoted Service Path Privilege Escalation
Net Monitor for Employees Pro 5.3.4 - Unquoted Service Path Privilege Escalation Exploit Title: Unquoted Service Path Privilege Escalation - Net Monitor for Employees Pro gmail.com, saeid Nsecurity.org Linkedin: https://www.linkedin.com/in/saeidatabaki Vendor Homepage: http://networklookout.com/...
Piwigo Plugin Facetag 0.0.3 - SQL Injection
Piwigo Plugin Facetag 0.0.3 - SQL Injection Exploit Title: Facetag Extension in Piwigo, Multiple SQL injection Date: 30-05-2017 Extension Version: 0.0.3 Software Link: http://piwigo.org/basics/downloads Extension link : http://piwigo.org/ext/extensionview.php?eid=845 Exploit Author: Touhid M.Shai...
Tecnovision DLX Spot - Authentication Bypass
Tecnovision DLX Spot - Authentication Bypass Exploit Title: DlxSpot - Player4 LED video wall - Admin Interface SQL Injection Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...
Tecnovision DLX Spot - Arbitrary File Upload
Tecnovision DLX Spot - Arbitrary File Upload Exploit Title: DlxSpot - Player4 LED video wall - Arbitrary File Upload to RCE Google Dork: "DlxSpot - Player4" Date: 2017-05-14 Discoverer: Simon Brannstrom Authors Website: https://unknownpwn.github.io/ Vendor Homepage: http://www.tecnovision.com/...