41207 matches found
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream...
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Exploit Title: ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Date: 2018-09-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link :...
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 – XML External Entity Injection Google Dork: N/A Date: 2018-09-27 Exploit Author: Sureshbabu Narvaneni Author Blog : https://nullnews.in Vendor...
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free
WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try...
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege
Microsoft Windows - Double Dereference in NtEnumerateKey Elevation of Privilege Windows: Double Dereference in NtEnumerateKey Elevation of Privilege Platform: Windows 10 1803 not vulnerable in earlier versions Class: Elevation of Privilege Summary: A number of registry system calls do not correct...
XAMPP Control Panel 3.2.2 - Denial of Service (PoC)
XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Title: XAMPP Control Panel 3.2.2 - Denial of Service PoC Exploit Author: Gionathan "John" Reale Date: 2018-09-14 Software: XAMPP Version: 3.2.2 / 7.2.9 Newest version at time of writing Download:...
mooSocial Store Plugin 2.6 - SQL Injection
mooSocial Store Plugin 2.6 - SQL Injection Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL:...
Vox TG790 ADSL Router - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user iunput management low privilege users are ab...
TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Title: TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Author: Aniket Dinda Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q...
WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData() Buffer Overflow (PoC)
WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData Buffer Overflow PoC Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link:...
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation / Exploit Title: Solaris/OpenSolaris AVS kernel code execution Google Dork: if applicable Date: 24/7/2018 Exploit Author: mu-b Vendor Homepage: oracle.com Software Link: Version: Solaris 10, Solaris Sun Opensolaris include include include...
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
GetGo Download Manager 6.2.1.3200 - Denial of Service PoC Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow Denial of Service Date: 2018-07-25 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2017-17849 Tested On: Windows 7 x86, Windows 10 x64 Details The...
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 buil...
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow Exploit Title: Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 Date: 14-12-2017 Exploit Author: Maurice Heumann Contact: https://twitter.com/momo5502?lang=en Website: https://momo5502.co...
Splunk 7.0.1 - Information Disclosure
Splunk 7.0.1 - Information Disclosure Exploit Title: Splunk 7.0.1 - Information Disclosure Date: 2018-05-23 Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.01 MAYBE ALL VERSION AFFECTED Tested on: Linux OS CVE : CVE-2018-11409 Splunk through 6.2.3 7.0.1 allows...
School Management System CMS 1.0 - username SQL Injection
School Management System CMS 1.0 - username SQL Injection Exploit Title: School Management System CMS 1.0 - Admin Login SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage:...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
VirtueMart 3.1.14 - Persistent Cross-Site Scripting Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMar...
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass
Interspire Email Marketer 6.1.6 - Remote Admin Authentication Bypass ''' Exploit Title: Interspire Email Marketer - Remote Admin Authentication Bypass Google Dork: intitle:"Control Panel" + emailmarketer Date: 4-22-18 Exploit Author: devcoinfet Vendor Homepage: www.interspire.com/emailmarketer...
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free (Pwn2Own 2017) (PoC)
VMware Workstation 12.5.2 - Drag n Drop Use-After-Free Pwn2Own 2017 PoC char initialdnd = "tools.capability.dndversion 4"; static const int cbObj = 0x100; char seconddnd = "tools.capability.dndversion 2"; char chgver = "vmx.capability.dndversion"; char calltransport = "dnd.transport "; char...
Microsoft Edge - OpenProcess() ACG Bypass
Microsoft Edge - OpenProcess ACG Bypass Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...
Barco ClickShare CSE-200 - Remote Denial of Service
Barco ClickShare CSE-200 - Remote Denial of Service !/usr/bin/python Exploit Title: Barco ClickShare CSE-200 - Remote Denial of Service Date: 11-04-2018 Hardware Link: https://www.barco.com/de/product/clickshare-cse-200 Exploit Author: Florian Hauser Contact: florian DOT g DOT hauser AT gmail DOT...
DLink DIR-601 - Admin Password Disclosure
DLink DIR-601 - Admin Password Disclosure Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Google Dork: N/A Date: 12/24/2017 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windo...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
Frog CMS 0.9.5 - Cross-Site Request Forgery Add User Exploit Title: Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Versio...
Systematic SitAware - NVG Denial of Service
Systematic SitAware - NVG Denial of Service Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs bottlypy:...
Microsoft Windows Remote Assistance - XML External Entity Injection
Microsoft Windows Remote Assistance - XML External Entity Injection Exploit Title: Microsoft Windows Remote Assistance XXE Date: 27/03/2018 Exploit Author: Nabeel Ahmed Tested on: Windows 7 x64, Windows 10 x64 CVE : CVE-2018-0878 Category: Remote Exploits Invitation.msrcincident...
Easy Avi Divx Xvid to DVD Burner 2.9.11 - .avi Denial of Service
Easy Avi Divx Xvid to DVD Burner 2.9.11 - .avi Denial of Service !/usr/bin/python Exploit Title : Easy Avi Divx Xvid to DVD Burner v2.9.11 - Local Denial of Service Exploit Author : Hashim Jawad Twitter : @ihack4falafel Author Website : ihack4falafel.com Vendor Homepage :...
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow
Allok Quicktime to AVI MPEG DVD Converter 4.6.1217 - Stack-Based Buffer Overflow SWAMI KARUPASAMI THUNAI Exploit Title: Allok Video Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions...
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation
Google Software Updater macOS - Unsafe use of Distributed Objects Privilege Escalation / Google software updater ships with Chrome on MacOS and installs a root service com.google.Keystone.Daemon.UpdateEngine which lives here:...
TextPattern 4.6.2 - qty SQL Injection
TextPattern 4.6.2 - qty SQL Injection ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
Sophos UTM 9.410 - loginuser confd Service Privilege Escalation
Sophos UTM 9.410 - loginuser confd Service Privilege Escalation KL-001-2018-007 : Sophos UTM 9 loginuser Privilege Escalation via confd Service Title: Sophos UTM 9 loginuser Privilege Escalation via confd Service Advisory ID: KL-001-2018-007 Publication Date: 2018.03.02 Publication URL:...
Joomla! Component Advertisement Board 3.1.0 - catname SQL Injection
Joomla! Component Advertisement Board 3.1.0 - catname SQL Injection Exploit Title: Joomla! Component Advertisement Board 3.1.0 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://ordasoft.com/ Software Link:...
GNU binutils 2.26.1 - Integer Overflow (PoC)
GNU binutils 2.26.1 - Integer Overflow PoC Exploit Title: Objdump - Integer Overflow Crash POC Date: 12.02.2018 Exploit Author: r4xis Tested Version: 2.26.1 Vuln Version: \nint mainprintf"HelloWorld!\n"; return 0;" f = open"helloWorld.c", 'w' f.writehello f.close os.system"gcc -c helloWorld.c -o...
Real Estate Custom Script - route SQL Injection
Real Estate Custom Script - route SQL Injection Exploit Title: Real Estate Custom Script - 'route' SQL Injection Date: 2018-01-31 Exploit Author: 8bitsec Vendor Homepage: https://codecanyon.net/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 1.0 Tested on:...
Advantech WebAccess 8.3 - SQL Injection
Advantech WebAccess 8.3 - SQL Injection !/usr/bin/python2.7 Exploit Title: Advantech WebAccess BWSCADARest Login Method SQL Injection Authentication Bypass Vulnerability Date: 01-13-2018 Exploit Author: Chris Lyne @lynerc Vendor Homepage: www.advantech.com Software Link:...
systemd (systemd-tmpfiles) 236 - fs.protected_hardlinks0 Local Privilege Escalation
systemd systemd-tmpfiles 236 - fs.protectedhardlinks0 Local Privilege Escalation Product: systemd systemd-tmpfiles Versions-affected: 236 and earlier Author: Michael Orlitzky Fixed-in: commit 5579f85 , version 237 Bug-report: https://github.com/systemd/systemd/issues/7736 Acknowledgments: Lennart...
RISE 1.9 - search SQL Injection
RISE 1.9 - search SQL Injection Exploit Title: RISE Ultimate Project Manager 1.9 - SQL Injection Exploit Author: Ahmad Mahfouz Contact: http://twitter.com/eln1x Date: 30/12/2017 CVE: CVE-2017-17999 Vendor Homepage: http://fairsketch.com/ Version: 1.9 POST...
Photos in Wifi 1.0.1 - Path Traversal
Photos in Wifi 1.0.1 - Path Traversal Document Title: =============== Photos in Wifi 1.0.1 iOS - Path Traversal Web Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1600 Release Date: ============= 2018-01-04 Vulnerability Laboratory ID VL-I...
Trustwave SWG 11.8.0.27 - SSH Unauthorized Access
Trustwave SWG 11.8.0.27 - SSH Unauthorized Access Vulnerability Summary The following advisory describes an unauthorized access vulnerability that allows an unauthenticated user to add their own SSH key to a remote Trustwave SWG version 11.8.0.27. Trustwave Secure Web Gateway SWG “provides...
Sync Breeze 10.2.12 - Denial of Service
Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection
Joomla! Component JEXTN Video Gallery 3.0.5 - id SQL Injection Exploit Title: Joomla! Component JEXTN Video Gallery 3.0.5 - SQL Injection Dork: N/A Date: 13.12.2017 Vendor Homepage: http://jextn.com/ Software Link:...
FS Indiamart Clone 1.0 - token id c SQL Injection
FS Indiamart Clone 1.0 - token id c SQL Injection Exploit Title: FS Indiamart Clone 1.0 - SQL Injection Dork: N/A Date: 08.12.2017 Vendor Homepage: https://fortunescripts.com/ Software Link: https://fortunescripts.com/product/indiamart-clone/ Demo: http://indiamart-clone.demonstration.co.in/...
Perspective ICM Investigation Case 5.1.1.16 - Privilege Escalation
Perspective ICM Investigation Case 5.1.1.16 - Privilege Escalation Exploit Title: Privilege Escalation - Perspective ICM Investigation & Case - 5.1.1.16 Date Reported to vendor: Jun 28, 2017 Date Accepted by vendor: Jun 11, 2017 Exploit Author: [email protected] Vendor Homepage:...
Kirby CMS 2.5.7 - Cross-Site Scripting
Kirby CMS 2.5.7 - Cross-Site Scripting Exploit Title: KirbyCMS 2.5.7 Stored Cross Site Scripting Vendor Homepage: https://getkirby.com/ Software Link: https://getkirby.com/try Discovered by: Ishaq Mohammed Contact: https://twitter.com/securityprince Website: https://about.me/security-prince...
Vastal I-Tech Dating Zone 0.9.9 - product_id SQL Injection
Vastal I-Tech Dating Zone 0.9.9 - productid SQL Injection Exploit Title: Vastal I-Tech Dating Zone 0.9.9 - 'productid' Parameter SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://vastal.com/ Software http://vastal.com/dating-zone-the-dating-software.html Demo:...
D-Park Pro 1.0 - SQL Injection
D-Park Pro 1.0 - SQL Injection Username: Password:...
Trend Micro OfficeScan 11.0XG (12.0) - Remote Code Execution (Metasploit)
Trend Micro OfficeScan 11.0XG 12.0 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Trend Micro OfficeScan Remote Code Execution", 'Description' = %q This modul...
Wireless Repeater BE126 - Local File Inclusion
Wireless Repeater BE126 - Local File Inclusion Exploit Title: WIFI Repeater BE126 – Local File Inclusion Date Publish: 23/08/2017 Exploit Authors: Hay Mizrachi, Omer Kaspi Contact: [email protected], [email protected] Vendor Homepage: http://www.twsz.com Category: Webapps Version: 1.0 Tested...
ClipBucket 2.8.3 - Multiple Vulnerabilities
ClipBucket 2.8.3 - Multiple Vulnerabilities @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ .:. Exploit Title ClipBucket 2.8.3 - Multiple Vulnerabilities .:. Google Dorks .:. "Forged by ClipBucket" inurl:viewcollection.php?cid= .:. Date: August 15, 2017 .:...
Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution
Unitrends UEB 9.1 - Authentication Bypass Remote Command Execution Exploit Title: Unauthenticated root RCE for Unitrends UEB 9.1 Date: 08/08/2017 Exploit Authors: Cale Smith, Benny Husted, Jared Arave Contact: https://twitter.com/iotennui || https://twitter.com/BennyHusted ||...