41207 matches found
Apache Roller 5.0.3 - XML External Entity Injection (File Disclosure)
Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Exploit Title: Apache Roller 5.0.3 - XML External Entity Injection File Disclosure Google Dork: intext:"apache roller weblogger version vulnerableversionnumber" Date: 2018-09-05 Exploit Author: Marko Jokic Contact:...
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution
FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Exploit Title: FUJI XEROX DocuCentre-V 3065 Printer - Remote Command Execution Date: 2018-09-05 Exploit Author: vrsystem Vendor Homepage: https://www.fujixerox.com.cn/ Software Link: https://www.fujixerox.com.cn/ Version:...
NASA openVSP 3.16.1 - Denial of Service (PoC)
NASA openVSP 3.16.1 - Denial of Service PoC Exploit Title: NASA openVSP 3.16.1 - Denial of Service PoC Exploit Author : L0RD Date: 2018-08-28 Vendor Homepage : https://software.nasa.gov/software/LAR-17491-1 Software link: https://github.com/nasa/OpenVSP Version: 3.16.1 Tested on: Windows 10 CVE:...
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Exploit Title: Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Date: 2018-07-16 WebPage: https://CTRLu.net/ Vendor Homepage: http://www.eaton.com/ Vendor Advisory:...
Zimbra 8.6.0_GA_1153 - Cross-Site Scripting
Zimbra 8.6.0GA1153 - Cross-Site Scripting Exploit Title: Xss Zimbra Mail server Google Dork: Date: 2018/08/10 Exploit Author: Dinbar78 Vendor Homepage: https://www.zimbra.com/ Version: 8.6.0GA1153 build 20141215151110 bug 103609 or CVE-2016-3411 Payload: es. https://...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External...
VMware NSX SD-WAN Edge 3.1.2 - Command Injection
VMware NSX SD-WAN Edge 3.1.2 - Command Injection !/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category:...
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
DIGISOL DG-BR4000NG - Buffer Overflow PoC Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date 2018-06-24 Vendor Homepage† http://www.digisol.com Hardware Link httpswww.amazon.inDigisol-DG-BR4000NG-Wireless-Broadband-802-11ndpB00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Catego...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
LFCMS 3.7.0 - Cross-Site Request Forgery Add Admin Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link:...
Library CMS 1.0 - SQL Injection
Library CMS 1.0 - SQL Injection Exploit Title: Library CMS 1.0 - SQL Injection Dork: N/A Date: 23.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor : Wecodex Solutions Vendor Homepage: https://www.wecodex.com/item/view/library-management-system-in-php-and-mysql/1 Version: 1.0 Category:...
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in...
WordPress Plugin Form Maker 1.12.20 - CSV Injection
WordPress Plugin Form Maker 1.12.20 - CSV Injection Exploit Title: Wordpress Plugin Form Maker version 1.12.20 vulnerable to to Formula Injection CSV Injection Google Dork: N/A Date: 27-04-2018 Exploit Author: Jetty Sairam Software Link: https://wordpress.org/plugins/form-maker/ Affected Version:...
Open-AudIT 2.1 - CSV Macro Injection
Open-AudIT 2.1 - CSV Macro Injection Hi Guys, Exploit Title: Open-AudIT 2.1 - CSV Macro Injection Vulnerability Google Dork: N/A Date: 21-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: https://opmantek.com Software Link:...
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities
Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Exploit Author: bzyo CVE: CVE-2018-10077, CVE-2018-10078, CVE-2018-10079 Twitter: @bzyo Exploit Title: Geist WatchDog Console 3.2.2 - Multiple Vulnerabilities Date: 04-17-18 Vulnerable Software: WatchDog Console - 3.2.2 Vendor Homepage:...
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix
Microsoft Windows - CiSetFileCache TOCTOU Incomplete Fix Windows: CiSetFileCache TOCTOU CVE-2017-11830 Incomplete Fix Platform: Windows 10 1709 including Win10S Class: Security Feature Bypass Summary: The fix for CVE-2017-11830 is insufficient to prevent a normal user application adding a cached...
WordPress Plugin Background Takeover 4.1.4 - Directory Traversal
WordPress Plugin Background Takeover 4.1.4 - Directory Traversal Exploit Title: WP Background Takeover, Directory Traversal = 4.1.4 Google Dork: inurl:/plugins/wpsite-background-takeover Date: 2018-03-08 Exploit Author: Colette Chamberland, Defiant, Inc. Vendor Homepage: https://99robots.com...
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass
FiberHome VDSL2 Modem HG 150-UB - Authentication Bypass Exploit Title: FiberHome VDSL2 Modem HG 150-UB Authentication Bypass Date: 04/03/2018 Exploit Author: Noman Riffat Vendor Homepage: http://www.fiberhome.com/ CVE : CVE-2018-9248, CVE-2018-9248 The vulnerability exists in plain text & hard...
DLink DIR-601 - Admin Password Disclosure
DLink DIR-601 - Admin Password Disclosure Exploit Title: DLink DIR-601 Unauthenticated Admin password disclosure Google Dork: N/A Date: 12/24/2017 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windo...
Systematic SitAware - NVG Denial of Service
Systematic SitAware - NVG Denial of Service Exploit Title: SitAware NVG Denial of Service Date: 03/31/2018 Exploit Author: 2u53 Vendor Homepage: https://systematic.com/defence/products/c2/sitaware/ Version: 6.4 SP2 Tested on: Windows Server 2012 R2 CVE: CVE-2018-9115 Remarks: PoC needs bottlypy:...
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow
Allok Video Joiner 4.6.1217 - Stack-Based Buffer Overflow SWAMI KARUPASAMI THUNAI Exploit Title: Alloksoft Video joiner 4.6.1217 - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable...
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File ReadWrite Privilege Escalation
Microsoft Windows - Desktop Bridge Virtual Registry Arbitrary File ReadWrite Privilege Escalation Windows: Windows: Desktop Bridge Virtual Registry Arbitrary File Read/Write EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the virtual...
Contec Smart Home 4.15 - Unauthorized Password Reset
Contec Smart Home 4.15 - Unauthorized Password Reset Title : Contec smart home 4.15 Unauthorized Password Reset Shodan Dork : "content/smarthome.php" Vendor Homepage : http://contec.co.il Tested on : Google Chrome Tested version : 4.15 Date : 2018-03-14 Author : Z3ro0ne Contact :...
TextPattern 4.6.2 - qty SQL Injection
TextPattern 4.6.2 - qty SQL Injection ============================================= MGC ALERT 2018-002 - Original release date: February 12, 2018 - Last revised: March 12, 2018 - Discovered by: Manuel García Cárdenas - Severity: 7,1/10 CVSS Base Score - CVE-ID: CVE-2018-7474...
DEWESoft X3 SP1 (64-bit) - Remote Command Execution
DEWESoft X3 SP1 64-bit - Remote Command Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DEWESOFT-X3-REMOTE-INTERNAL-COMMAND-ACCESS.txt + ISR: Apparition Security Vendor: ============= www.dewesoft.com Product:...
ActivePDF Toolkit 8.1.0.19023 - Multiple Memory Corruptions
ActivePDF Toolkit 8.1.0.19023 - Multiple Memory Corruptions ActivePDF Toolkit 8.1.0 multiple RCE Introduction ============ The ActivePDF Toolkit is a Windows library which enhances business processes to stamp, stitch, merge, form-fill, add digital signatures, barcodes to PDF. Both .NET and native...
Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection
Joomla! Component PrayerCenter 3.0.2 - sessionid SQL Injection Exploit Title: Joomla! Component PrayerCenter 3.0.2 - SQL Injection Dork: N/A Date: 22.02.2018 Vendor Homepage: http://www.mlwebtechnologies.com/ Software Link:...
Joomla! Component JS Autoz 1.0.9 - SQL Injection
Joomla! Component JS Autoz 1.0.9 - SQL Injection Exploit Title: Joomla! Component JS Autoz 1.0.9 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://www.joomsky.com/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/js-autoz/ Software...
Joomla! Component Kubik-Rubik Simple Image Gallery Extended (SIGE) 3.2.3 - Cross-Site Scripting
Joomla! Component Kubik-Rubik Simple Image Gallery Extended SIGE 3.2.3 - Cross-Site Scripting Exploit Title: Joomla! Component SIGE version 3. Solution: Update to version 3.3.0 https://downloads.kubik-rubik.de/joomla-extensions/plgsigev3.3.0.zip...
Advantech WebAccess 8.3.0 - Remote Code Execution
Advantech WebAccess 8.3.0 - Remote Code Execution Vulnerability Title: Advantech WebAccess Node8.3.0 "AspVBObj.dll" - Remote Code Execution Discovered by: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ CVE: CVE-2018-6911 Tested on: IE11 / Win10...
Oracle E-Business Suite 12.1.312.2.x - Open Redirect
Oracle E-Business Suite 12.1.312.2.x - Open Redirect Exploit Title: Oracle E-Business suite Open Redirect Google Dork: inurl:OAHTML/cabo/ Date: April 2017 Exploit Author: author Vendor Homepage: http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html Software Link: download li...
ImgHosting 1.5 - Cross-Site Scripting
ImgHosting 1.5 - Cross-Site Scripting Exploit Title: ImgHosting Image Storage System 1.5 - Cross-Site-Scripting Date: 12-01-2018 Exploit Author: Dennis Veninga Contact Author: d.veninga at networking4all.com Vendor Homepage: foxsash.com Version: 1.5 CVE-ID: CVE-2018-5479 ImgHosting – Image Storag...
Transmission - RPC DNS Rebinding
Transmission - RPC DNS Rebinding The transmission bittorrent client uses a client/server architecture, the user interface is the client and a daemon runs in the background managing the downloading, seeding, etc. Clients interact with the daemon using JSON RPC requests to a web server listening on...
Multiple CPUs - Information Leak Using Speculative Execution
Multiple CPUs - Information Leak Using Speculative Execution == INTRODUCTION == This is a bug report about a CPU security issue that affects processors by Intel, AMD and to some extent ARM. I have written a PoC for this issue that, when executed in userspace on an Intel Xeon CPU E5-1650 v3 machin...
Apple macOS - IOHIDSystem Kernel ReadWrite
Apple macOS - IOHIDSystem Kernel ReadWrite Sources: https://siguza.github.io/IOHIDeous/ https://github.com/Siguza/IOHIDeous/ IOHIDeous A macOS kernel exploit based on an IOHIDFamily 0day. Write-up here: https://siguza.github.io/IOHIDeous/ Notice The prefetch timing attack I'm using for hid for so...
SAP BusinessObjects launch pad - Server-Side Request Forgery
SAP BusinessObjects launch pad - Server-Side Request Forgery Exploit Title: SAP BusinessObjects launch pad SSRF Date: 2017-11-8 Exploit Author: Ahmad Mahfouz Category: Webapps Author Homepage: www.unixawy.com Description: Design Error in SAP BusinessObjects launch pad leads to SSRF attack...
Huawei Router HG532 - Arbitrary Command Execution
Huawei Router HG532 - Arbitrary Command Execution import threading, sys, time, random, socket, re, os, struct, array, requests from requests.auth import HTTPDigestAuth ips = opensys.argv1, "r".readlines cmd = "" Your MIPS SSHD rm = "\n \n \n $" + cmd + "\n$echo HUAWEIUPNP\n\n \n " class...
Sync Breeze 10.2.12 - Denial of Service
Sync Breeze 10.2.12 - Denial of Service ============================================= MGC ALERT 2017-007 - Original release date: November 30, 2017 - Last revised: December 14, 2017 - Discovered by: Manuel García Cárdenas - Severity: 7,5/10 CVSS Base Score - CVE-ID: CVE-2017-17088...
Perspective ICM Investigation Case 5.1.1.16 - Privilege Escalation
Perspective ICM Investigation Case 5.1.1.16 - Privilege Escalation Exploit Title: Privilege Escalation - Perspective ICM Investigation & Case - 5.1.1.16 Date Reported to vendor: Jun 28, 2017 Date Accepted by vendor: Jun 11, 2017 Exploit Author: [email protected] Vendor Homepage:...
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow
Socusoft Photo 2 Video Converter 8.0.0 - Local Buffer Overflow Exploit Title: Socusoft Photo 2 Video Converter v8.0.0 Local Buffer Overflow Free and Professional variants Date: 01/12/2017 Exploit Author: Jason Magic ret2eax Vendor Homepage: www.socusoft.com Version: 8.0.0 Tested on: Windows Serve...
iTech Gigs Script 1.21 - SQL Injection
iTech Gigs Script 1.21 - SQL Injection Exploit Title: iTech Gigs Script 1.21 - SQL Injection Dork: N/A Date: 30.10.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/the-gigs-script/ Demo: http://gigs.itechscripts.com/ Version: 1.21 Category: Webapps Tested on:...
Mura CMS 6.2 - Server-Side Request Forgery XML External Entity Injection
Mura CMS 6.2 - Server-Side Request Forgery XML External Entity Injection Exploit Title: Mura CMS before 6.2 SSRF + XXE Date: 30-10-2017 Exploit Author: Anthony Cole Vendor Homepage: http://www.getmura.com/ Version: before 6.2 Contact: http://twitter.com/acole76 Website: http://twitter.com/acole76...
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple vulnerabilities product: Afian AB FileRun vulnerable version: 2017.03.18 fixed version: 2017.09.18 impact:...
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection
OpenText Document Sciences xPression 4.5SP1 Patch 13 - documentId SQL Injection Title: OpenText Document Sciences xPression formerly EMC Document Sciences xPression - SQL Injection Author: Marcin Woloszyn Date: 27. September 2017 CVE: CVE-2017-14758 Affected Software: ================== OpenText...
PHPMyFAQ 2.9.8 - Cross-Site Scripting (1)
PHPMyFAQ 2.9.8 - Cross-Site Scripting 1 Exploit Title: phpMyFAQ 2.9.8 Stored XSS Vendor Homepage: http://www.phpmyfaq.de/ Software Link: http://download.phpmyfaq.de/phpMyFAQ-2.9.8.zip Exploit Author: Ishaq Mohammed Contact: https://twitter.com/securityprince Website:...
Digirez 3.4 - Cross-Site Request Forgery (Update Admin)
Digirez 3.4 - Cross-Site Request Forgery Update Admin !/usr/local/bin/python Exploit Title: Digirez 3.4 - Cross-Site Request Forgery Update User & Admin Dork: N/A Date: 18.09.2017 Vendor Homepage: http://www.digiappz.com/ Software Link: http://www.digiappz.com/index.asp Demo:...
Infinite Automation Mango Automation - Command Injection (Metasploit)
Infinite Automation Mango Automation - Command Injection Metasploit...
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow (Metasploit)
ZScada Modbus Buffer 2.0 - Stack Buffer Overflow Metasploit require 'msf/core' class MetasploitModule 'ZScada Net Buffer Overflow', 'Description' = %q This module exploits a stack based buffer overflow found in Z-Scada Net 2.0. The vulnerability is triggered when parsing the response to a Modbus...
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting
Roteador Wireless Intelbras WRN150 - Cross-Site Scripting Exploit Title: XSS persistent on intelbras router with firmware WRN 250 Date: 07/09/2017 Exploit Author: Elber Tavares Vendor Homepage: http://intelbras.com.br/ Version: Intelbras Wireless N 150Mbps - WRN 240 Tested on: kali linux, windows...
REDDOXX Appliance Build 2032 2.0.625 - Arbitrary File Disclosure
REDDOXX Appliance Build 2032 2.0.625 - Arbitrary File Disclosure Advisory: Arbitrary File Disclosure with root Privileges via RdxEngine-API in REDDOXX Appliance RedTeam Pentesting discovered an arbitrary file disclosure vulnerability in the REDDOXX appliance software, which allows unauthenticated...