41207 matches found
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Horde Webmail 5.2.22 - Multiple Vulnerabilities Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Instagram Auto Follow - Authentication Bypass
Instagram Auto Follow - Authentication Bypass Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...
EPChallenge
Yet another crack me! it implements several protections for antidebugging. Objective: Find the flag to solve the crackme. // Author jsacco include include define DEBUGBREAKa ifa if IsDebuggerPresent debugbreak HINSTANCE ghInst; const wchart lpClassName = L"WinApp"; define LOCALMAXBUFFER 2048 HWND...
DeviceViewer 3.12.0.1 - user SEH Overflow
DeviceViewer 3.12.0.1 - user SEH Overflow Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow PoC Discovery Date: 25/04/2019 Exploit Author: Hayden Wright Vendor Homepage: www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on:...
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings aka a SetWiFiSetting request to cgi-bin/qcmapwebcgi Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage:...
Airbnb Clone Script - Multiple SQL Injection
Airbnb Clone Script - Multiple SQL Injection Exploit Title: Homey BNB Airbnb Clone Script - Multiple SQL Injection Date: 27.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.doditsolutions.com/airbnb-clone-script/ Demo Site: http://sitedemos.in/homeybnb/ Version: V4 Tested on...
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion ''' Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Date: 02/13/2019 Exploit Author: 0v3rride Vendor Homepage:...
BigTree 4.3.4 CMS - Multiple SQL Injection
BigTree 4.3.4 CMS - Multiple SQL Injection =========================================================================================== Exploit Title: BigTree CMS - 'parent' SQL Inj. Dork: N/A Date: 24-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.bigtreecms.org/ Software...
The Company Business Website CMS - Multiple Vulnerabilities
The Company Business Website CMS - Multiple Vulnerabilities Exploit Title: The Company Business Website CMS - 'username' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms Demo Site:...
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer - SQL Injection Exploit Title: Netartmedia PHP Car Dealer- SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Latest Tested on: Kali...
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
Intel Modular Server System 10.18 - Cross-Site Request Forgery Change Admin Password history.pushState'', 't00t', 'index.php'...
Joomla! Component J2Store 3.3.7 - SQL Injection
Joomla! Component J2Store 3.3.7 - SQL Injection Exploit Title: J2Store Plugin for Joomla! 3.3.6 - SQL Injection Date: 19/02/2019 Author: Andrei Conache Twitter: @andreiconache Contact: andrei.conacheatprotonmail.com Software Link: https://www.j2store.org Version: 3.x-3.3.6 Tested on: Linux CVE:...
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (1)
snapd 2.37 Ubuntu - dirtysock Local Privilege Escalation 1 !/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository...
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins user...
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery
devolo dLAN 550 duo+ Starter Kit - Cross-Site Request Forgery devolo dLAN 550 duo+ Starter Kit Cross-Site Request Forgery Vendor: devolo AG Product web page: https://www.devolo.com Affected version: dLAN 500 AV Wireless+ 3.1.0-1 i386 Summary: Devolo dLAN® 550 duo+ Starter Kit is Powerlineadapter...
AMAC Address Change 5.4 - Denial of Service (PoC)
AMAC Address Change 5.4 - Denial of Service PoC Exploit Title: a-Mac Address Change v5.4 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://amac.paqtool.com/ Software Link : http://amac.paqtool.com/ Tested Version: 5.4 Tested on: Windows XP SP3...
Joomla! Component vBizz 1.0.7 - Remote Code Execution
Joomla! Component vBizz 1.0.7 - Remote Code Execution Exploit Title: Joomla! Component vBizz 1.0.7 - Remote Code Execution Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3...
NTPsec 1.1.2 - ntp_control (Authenticated) NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - ntpcontrol Authenticated NULL Pointer Dereference PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website:...
PEAR Archive_Tar 1.4.4 - PHP Object Injection
PEAR ArchiveTar 1.4.4 - PHP Object Injection PEAR ArchiveTar temptarname will be called in the destructor method. If another class with useful gadget is loaded, remote code execution may be possible. Steps to reproduce object injection and arbitrary file deletion: 1. Make sure that PHP & PEAR are...
Deepin Linux 15 - lastore-daemon Local Privilege Escalation
Deepin Linux 15 - lastore-daemon Local Privilege Escalation !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in...
Netatalk 3.1.12 - Authentication Bypass (PoC)
Netatalk 3.1.12 - Authentication Bypass PoC import socket import struct import sys if lensys.argv != 3: sys.exit0 ip = sys.argv1 port = intsys.argv2 sock = socket.socketsocket.AFINET, socket.SOCKSTREAM print "+ Attempting connection to " + ip + ":" + sys.argv2 sock.connectip, port dsipayload =...
IBM Operational Decision Manager 8.x - XML External Entity Injection
IBM Operational Decision Manager 8.x - XML External Entity Injection Exploit Title: XML External Entity Injection XXE Date: 2018-12-18 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10744149 Version: v8.6 - v8.7 - v8.8 ...
Paramiko 2.4.1 - Authentication Bypass
Paramiko 2.4.1 - Authentication Bypass Exploit Title: Paramiko 2.4.1 - Authentication Bypass Date: 2018-10-27 Exploit Author: Adam Brown Vendor Homepage: https://www.paramiko.org Software Link: https://github.com/paramiko/paramiko/tree/v1.15.2 Version: 1.17.6, 1.18.x 1.18.5, 2.0.x 2.0.8, 2.1.x...
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 O...
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact:...
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal
WirelessHART Fieldgate SWG70 3.0 - Directory Traversal Exploit Title: WirelessHART Fieldgate SWG70 3.0 - Directory Traversal Date: 2018-08-29 Exploit Author: Hamit CİBO Vendor Homepage: http://endress.com Software Link:...
Tenda ADSL Router D152 - Cross-Site Scripting
Tenda ADSL Router D152 - Cross-Site Scripting Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting Exploit Author: Sandip Dey Date: 2018-07-21 Vendor Homepage: http://www.tendacn.com Hardware Link:...
NASA openVSP 3.16.1 - Denial of Service (PoC)
NASA openVSP 3.16.1 - Denial of Service PoC Exploit Title: NASA openVSP 3.16.1 - Denial of Service PoC Exploit Author : L0RD Date: 2018-08-28 Vendor Homepage : https://software.nasa.gov/software/LAR-17491-1 Software link: https://github.com/nasa/OpenVSP Version: 3.16.1 Tested on: Windows 10 CVE:...
Sitecore.Net 8.1 - Directory Traversal
Sitecore.Net 8.1 - Directory Traversal Exploit Title: Sitecore.Net 8.1 - Directory Traversal Date: 2018-04-23 CVE: CVE-2018-7669 Researcher: Chris Moberly at The Missing Link Security Vendor: Sitecore Version: CMS - 8.1 and up earlier versions untested Authentication required: Yes An issue was...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External...
Microsoft Windows Kernel - win32k!NtUserConsoleControl Denial of Service (PoC)
Microsoft Windows Kernel - win32k!NtUserConsoleControl Denial of Service PoC / Exploit Title: Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service PoC Author: vportal Date: 2018-07-27 Vendor homepage: http://www.microsoft.com Version: Windows 7 x86 Tested on: Windows 7 x86...
Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)
Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
LFCMS 3.7.0 - Cross-Site Request Forgery Add Admin Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link:...
Monstra CMS 3.0.4 - Cross-Site Scripting (1)
Monstra CMS 3.0.4 - Cross-Site Scripting 1 Title: Monstra CMS www.target.com' url = input'Target : ' print' Required admin's PHPSESSID.' PHPSESSID = input'PHPSESSID : ' pagename = input'Pagename : ' script = input'Script : ' target = 'http://' + url + '/admin/index.php?id=pages&action=addpage'...
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
VirtueMart 3.1.14 - Persistent Cross-Site Scripting Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMar...
GNU wget - Cookie Injection
GNU wget - Cookie Injection GNU Wget Cookie Injection CVE-2018-0494 ========================================= The latest version of this advisory is available at: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt Overview -------- GNU Wget is susceptible to a malicious web server...
Cobub Razor 0.8.0 - Physical Path Leakage
Cobub Razor 0.8.0 - Physical Path Leakage Exploit Title: Cobub Razor 0.8.0 Physical path Leakage Vulnerability Date: 2018-04-19 Exploit Author: Kyhvedn Vendor Homepage: http://www.cobub.com/ Software Link: https://github.com/cobub/razor Version: 0.8.0 CVE : CVE-2018-8770 PoC: URL:...
Microsoft Edge - OpenProcess() ACG Bypass
Microsoft Edge - OpenProcess ACG Bypass Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...
WordPress Plugin Simple Fields 0.2 - 0.3.5 - LocalRemote File Inclusion Remote Code Execution
WordPress Plugin Simple Fields 0.2 - 0.3.5 - LocalRemote File Inclusion Remote Code Execution Exploit Title: Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE Date: 2018-04-08 Exploit Author: Graeme Robinson Contact: @Grasec Vendor Homepage: http://simple-fields.com Software Link:...
WampServer 3.1.2 - Cross-Site Request Forgery
WampServer 3.1.2 - Cross-Site Request Forgery Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hosts remotely Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.2 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec...
Frog CMS 0.9.5 - Cross-Site Request Forgery (Add User)
Frog CMS 0.9.5 - Cross-Site Request Forgery Add User Exploit Title: Cross Site Request Forgery- Frog CMS Date: 31-03-2018 Exploit Author: Samrat Das Contact: http://twitter.com/SamratDas93 Website: https://securitywarrior9.blogspot.in/ Vendor Homepage: https://github.com/philippe/FrogCMS Versio...
Tenda FH303A300 Firmware v5.07.68_EN - Remote DNS Change
Tenda FH303A300 Firmware v5.07.68EN - Remote DNS Change Tenda FH303/A300 Firmware V5.07.68EN Cookie Session Weakness Remote DNS Change PoC Copyright 2018 c Todor Donev https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Once modified, systems use foreign DNS servers, which are usual...
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection
Joomla! Component AcySMS 3.5.0 - CSV Macro Injection Exploit Title: Joomla! Component AcySMS 3.5.0 CSV Macro Injection Google Dork: N/A Date: 22-03-2018 Exploit Author: Sureshbabu Narvaneni Vendor Homepage: https://www.acyba.com Software Link:...
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File ReadWrite Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File ReadWrite Privilege Escalation Windows: Windows: Desktop Bridge Virtual Registry Arbitrary File Read/Write EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual...
Vehicle Sales Management System - Multiple Vulnerabilities
Vehicle Sales Management System - Multiple Vulnerabilities Exploit Title: VSMS Multiple Vulnerabilities Google Dork: N/A Date: 16-3-2018 Exploit Author: Sing Vendor Homepage: https://sourceforge.net/projects/vsms-php/?source=typredirect Software Link:...
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Kubik-Rubik Simple Image Gallery Extended SIGE 3.2.3 - Cross-Site Scripting Exploit Title: Joomla! Component SIGE version 3. Solution: Update to version 3.3.0 https://downloads.kubik-rubik.de/joomla-extensions/plgsigev3.3.0.zip...
Joomla! Component JomEstate PRO 3.7 - id SQL Injection
Joomla! Component JomEstate PRO 3.7 - id SQL Injection Exploit Title: Joomla! Component JomEstate PRO = 3.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://comdev.eu/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/...
Pdfium - Pattern Shading Integer Overflows
Pdfium - Pattern Shading Integer Overflows This vulnerability relies on several minor oversights in the handling of shading patterns in pdfium, I'll try to detail all of the issues that could be fixed to harden the code against similar issues. The DrawXShading functions in cpdfrenderstatus.cpp re...