41207 matches found
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting
WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage:...
Outlook Password Recovery 2.10 - Denial of Service
Outlook Password Recovery 2.10 - Denial of Service Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj...
Tableau - XML External Entity
Tableau - XML External Entity Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads: https://www.tableau.com/products/desktop/download...
Agent Tesla Botnet - Arbitrary Code Execution (Metasploit)
Agent Tesla Botnet - Arbitrary Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Tesla Agent Remote Code Execution", 'Description' = %q This module exploits the command...
CISCO Small Business 200 300 500 Switches - Multiple Vulnerabilities
CISCO Small Business 200 300 500 Switches - Multiple Vulnerabilities Exploit Title: CISCO Small Business 200, 300, 500 Switches Multiple Vulnerabilities. Shodan query: /config/logoffpage.html Discovered Date: 07/03/2014 Reported Date: 08/04/2019 Exploit Author: Ramikan Website:...
LibreNMS 1.46 - addhost Remote Code Execution
LibreNMS 1.46 - addhost Remote Code Execution !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP...
UliCMS 2019.1 Spitting Lama - Persistent Cross-Site Scripting
UliCMS 2019.1 Spitting Lama - Persistent Cross-Site Scripting Exploit Title: UliCMS 2019.1 "Spitting Lama" - Stored Cross-Site Scripting Google Dork: intext:"by UliCMS" Date: 2019-05-12 Exploit Author: Unk9vvN Vendor Homepage: https://en.ulicms.de Software Link:...
Cyberoam General Authentication Client 2.1.2.7 - Server Address Denial of Service (PoC)
Cyberoam General Authentication Client 2.1.2.7 - Server Address Denial of Service PoC Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link:...
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition Privilege Escalation Windows: LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Window...
Microsoft Internet Explorer 11 - XML External Entity Injection
Microsoft Internet Explorer 11 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor...
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
ManageEngine ServiceDesk Plus 9.3 - User Enumeration Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Date: 2019-03-29 Exploit Author: Operat0r Vendor Homepage: https://www.manageengine.com/ Software Link:...
FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)
FreeSMS 2.1.2 - SQL Injection Authentication Bypass Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Date: 2019-04-03 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps...
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion ''' Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Date: 02/13/2019 Exploit Author: 0v3rride Vendor Homepage:...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML !-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when...
FileZilla 3.40.0 - Local search Local site Denial of Service (PoC)
FileZilla 3.40.0 - Local search Local site Denial of Service PoC Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service PoC Discovery by: Mr Winst0n Discovery Date: February 20, 2019 Vendor Homepage: https://filezilla-project.org Software Link :...
Craft CMS 3.1.12 Pro - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro...
Ask Expert Script 3.0.5 - Cross Site Scripting SQL Injection
Ask Expert Script 3.0.5 - Cross Site Scripting SQL Injection Exploit Title: Ask Expert Script 3.0.5 - Cross Site Scripting / SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 19, 2019 Vendor Homepage: http://www.phpscriptsmall.com/ Software...
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (1)
snapd 2.37 Ubuntu - dirtysock Local Privilege Escalation 1 !/usr/bin/env python3 """ dirtysock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository...
Joomla! Component vBizz 1.0.7 - SQL Injection
Joomla! Component vBizz 1.0.7 - SQL Injection Exploit Title: Joomla! Component vBizz 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/ Version:...
NTPsec 1.1.2 - ntp_control (Authenticated) NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - ntpcontrol Authenticated NULL Pointer Dereference PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website:...
Deepin Linux 15 - lastore-daemon Local Privilege Escalation
Deepin Linux 15 - lastore-daemon Local Privilege Escalation !/bin/bash Deepin Linux 15.5 lastore-daemon D-Bus Local Root Exploit The lastore-daemon D-Bus configuration on Deepin Linux 15.5 permits any user in the sudo group to install arbitrary packages without providing a password, resulting in...
Fortify Software Security Center (SSC) 17.1017.2018.10 - Information Disclosure
Fortify Software Security Center SSC 17.1017.2018.10 - Information Disclosure Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS...
Meneame English Pligg 5.8 - search SQL Injection
Meneame English Pligg 5.8 - search SQL Injection Exploit Title: Meneame English Pligg 5.8 - 'search' SQL Injection Dork: N/A Date: 2018-11-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/meneame-english/ Software Link:...
Bosch Video Management System 8.0 - Configuration Client Denial of Service (PoC)
Bosch Video Management System 8.0 - Configuration Client Denial of Service PoC Exploit Title: Bosch Video Management System 8.0-Configuration Client-Denial of Service Poc Discovery by: Daniel Discovery Date: 2018-11-12 Software Name: Bosch Video Management System Software Version: 8.0 Vendor...
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-17 Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.com Affected version: 1.6.18P12121101 Test...
D-Link Routers - Directory Traversal
D-Link Routers - Directory Traversal Directory Traversal CVE: CVE-2018-10822 CVSS v3: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Description: Directory traversal vulnerability in the web interface on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through...
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection
Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Exploit Title: Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://multiplanet.gr/ Software Link:...
MedDream PACS Server Premium 6.7.1.1 - email SQL Injection
MedDream PACS Server Premium 6.7.1.1 - email SQL Injection Exploit Title: MedDream PACS Server Premium 6.7.1.1 - 'email' SQL Injection Date: 2018-05-23 Software https://www.softneta.com/products/meddream-pacs-server/downloads.html Version: MedDreamPACS Premium 6.7.1.1 Exploit Author: Carlos Avila...
Tenda ADSL Router D152 - Cross-Site Scripting
Tenda ADSL Router D152 - Cross-Site Scripting Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting Exploit Author: Sandip Dey Date: 2018-07-21 Vendor Homepage: http://www.tendacn.com Hardware Link:...
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 20...
ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
ObserverIP Scan Tool 1.4.0.1 - Denial of Service PoC Exploit Title: ObserverIP Scan Tool 1.4.0.1 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link:...
Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)
Cloudme 1.9 - Buffer Overflow DEP Metasploit Exploit Title: Cloudme 1.9 - Buffer Overflow DEP Metasploit Date: 2018-08-13 Exploit Author: Raymond Wellnitz Vendor Homepage: https://www.cloudme.com Version: 1.8.x/1.9.x Tested on: Windows 7 x64 CVE : 2018-6892 This module requires Metasploit:...
QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)
QNap QVR Client 5.0.3.23100 - Denial of Service PoC Exploit Title : QNap QVR Client 5.0.3.23100 - Denial of Service PoC Discovery by : Rodrigo Eduardo Rodriguez Discovery Date : 2018-08-06 Vendor Homepage: http://www.qnapsecurity.com/n/en/ Software Link :...
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow Exploit Title: Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 Date: 14-12-2017 Exploit Author: Maurice Heumann Contact: https://twitter.com/momo5502?lang=en Website: https://momo5502.co...
VideoInsight WebClient 5 - SQL Injection
VideoInsight WebClient 5 - SQL Injection Title: VideoInsight WebClient 5 - SQL Injection Date: 2018-05-06 Author: vosec Vendor Homepage: https://www.security.us.panasonic.com/ Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/ Version: 5 Tested on: Windows...
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing
Samsung Galaxy S7 Edge - Overflow in OMACP WbXml String Extension Processing OMACP is a protocol supported by many mobile devices which allows them to receive provisioning information over the mobile network. One way to provision a device is via a WAP push SMS message containing provisioning...
PaulPrinting CMS Printing 1.0 - SQL Injection
PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any...
VirtueMart 3.1.14 - Persistent Cross-Site Scripting
VirtueMart 3.1.14 - Persistent Cross-Site Scripting Exploit Title: VirtueMart 3.1.14 - Persistent Cross-Site Scripting Date: 2018-02-25 Software Link: http://virtuemart.net/ Exploit Author: Mattia Furlani CVE: CVE-2018-7465 Category: webapps 1. Description An XSS issue was discovered in VirtueMar...
Microsoft Edge - OpenProcess() ACG Bypass
Microsoft Edge - OpenProcess ACG Bypass Each Edge Content process MicrosoftEdgeCP.exe needs to call SetProcessMitigationPolicy on itself to enable ACG. The callstack when this happens is: 00 KERNELBASE!SetProcessMitigationPolicy 01 MicrosoftEdgeCP!SetProcessDynamicCodePolicy+0xc0 02...
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery (Add Admin)
KYOCERA Net Admin 3.4 - Cross-Site Request Forgery Add Admin Vendor: KYOCERA Corporation Product https://global.kyocera.com Affected version: 3.4.0906 Summary: KYOCERA Net Admin is Kyocera's unified device management software that uses a web-based platform to give network administrators easy and...
WolfCMS 0.8.3.1 - Open Redirection
WolfCMS 0.8.3.1 - Open Redirection Exploit Title: WolfCMS 0.8.3.1 Open Redirection Vulnerability Google Dork: N/A Date: 04-04-2018 Exploit Author: Sureshbabu Narvaneni Author Blog : http://nullnews.in Vendor Homepage: http://www.wolfcms.org Software Link:...
WordPress Plugin Simple Fields 0.2 - 0.3.5 - LocalRemote File Inclusion Remote Code Execution
WordPress Plugin Simple Fields 0.2 - 0.3.5 - LocalRemote File Inclusion Remote Code Execution Exploit Title: Simple Fields 0.2 - 0.3.5 LFI/RFI/RCE Date: 2018-04-08 Exploit Author: Graeme Robinson Contact: @Grasec Vendor Homepage: http://simple-fields.com Software Link:...
Microsoft Windows Defender - mpengine.dll Memory Corruption
Microsoft Windows Defender - mpengine.dll Memory Corruption Windows Defender inspects a variety of different archive formats, among others RAR. Inspection of mpengine.dll revealed that the code responsible for processing RAR archives appears to be a forked and modified version of the original unr...
WampServer 3.1.2 - Cross-Site Request Forgery
WampServer 3.1.2 - Cross-Site Request Forgery Exploit Title: WampServer 3.1.2 CSRF to add or delete any virtual hostsremotely Date: 31-03-2018 Software Link: http://www.wampserver.com/en/ Version: 3.1.2 Tested On: Windows 10 Exploit Author: Vipin Chaudhary Contact: http://twitter.com/vipinxsec...
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow
Allok QuickTime to AVI MPEG DVD Converter 3.6.1217 - Buffer Overflow Exploit Title: Allok Video Converter - Buffer Overflow Vulnerability Windows XP SP3 Date: 06-03-2018 Exploit Author: Mohan Ravichandran & Velayutham Selvaraj Organization : TwinTech Solutions Vulnerable Software: Allok Video...
Joomla! Component JomEstate PRO 3.7 - id SQL Injection
Joomla! Component JomEstate PRO 3.7 - id SQL Injection Exploit Title: Joomla! Component JomEstate PRO = 3.7 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: http://comdev.eu/ Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jomestate-pro/...
Online Voting System - Authentication Bypass
Online Voting System - Authentication Bypass Exploit Title: Online Voting System - Authentication Bypass Date: 02.02.2018 Vendor Homepage: http://themashabrand.com Software Link: http://themashabrand.com/p/votin Demo: http://localhost/Onlinevoting Version: 1.0 Category: Webapps Exploit Author:...
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow (SEH)
Sync Breeze Enterprise 10.4.18 - Remote Buffer Overflow SEH Exploit Title: Sync Breeze Enterprise v10.4.18 Server - Unauthenticated Remote Buffer Overflow SEH Date: 29/01/2018 Exploit Author: Daniel Teixeira Vendor Homepage: http://www.syncbreeze.com Software Link:...
Joomla! Component Easydiscuss 4.0.21 - Cross-Site Scripting
Joomla! Component Easydiscuss 4.0.21 - Cross-Site Scripting Exploit Title: Joomla Plugin Easydiscuss inside the body, everything after the will be executed in the user’s browser. Works with every version up to 4.0.20 2. Proof of Concept Login with permissions to post a message, insert in the body...
Synology DiskStation Manager (DSM) 6.1.3-15152 - forget_passwd.cgi User Enumeration
Synology DiskStation Manager DSM 6.1.3-15152 - forgetpasswd.cgi User Enumeration Exploit Title: Synology DiskStation Manager DSM 6.1.3-15152 - 'forgetpasswd.cgi' User Enumeration Date: 01/05/2018 Exploit Author: Steve Kaun Vendor Homepage: https://www.synology.com Version: Before 6.1.3-15152 CVE ...