41207 matches found
Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Services.exe Denial of Service (1)
Microsoft Windows NT 4.0SP1SP2SP3SP4SP5SP6 - Services.exe Denial of Service 1 source: https://www.securityfocus.com/bid/754/info A specially crafted packet can cause a denial of service on an NT 4.0 host, rendering local administration and network communication nearly unusable. This attack will...
Caldera OpenUnix 8.0UnixWare 7.1.1 HP HP-UX 11.0 Solaris 7.0 SunOS 4.1.4 - rpc.cmsd Buffer Overflow (1)
Caldera OpenUnix 8.0UnixWare 7.1.1 HP HP-UX 11.0 Solaris 7.0 SunOS 4.1.4 - rpc.cmsd Buffer Overflow 1 // source: https://www.securityfocus.com/bid/524/info There is a remotely exploitable buffer overflow vulnerability in rpc.cmsd which ships with Sun's Solaris and HP-UX versions 10.20, 10.30 and...
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access
Compaq Client Management Agents 3.704.0 Insight Management Agents 4.21 A4.22 A4.30 A Intelligent Cluster Administrator 1.0 Management Agents for Workstations 4.20 A Server Management Agents 4.23 Survey Utility 2.0 - Web File Access source: https://www.securityfocus.com/bid/282/info A vulnerabilit...
eLection 2.0 - id SQL Injection
eLection 2.0 - id SQL Injection Title: eLection 2.0 - 'id' SQL Injection Date: 2020-02-21 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/election-by-tripath/ Software Link: https://sourceforge.net/projects/election-by-tripath/files/Version 2.0 Tested on Ubuntu 19/Ka...
SOPlanning 1.45 - Cross-Site Request Forgery (Add User)
SOPlanning 1.45 - Cross-Site Request Forgery Add User Exploit Title: SOPlanning 1.45 - Cross-Site Request Forgery Add User Date: 2020-02-14 Exploit Author: J3rryBl4nks Vendor Homepage: https://www.soplanning.org/en/ Software Link: https://sourceforge.net/projects/soplanning/files/soplanning/...
phpMyChat Plus 1.98 - pmc_username SQL Injection
phpMyChat Plus 1.98 - pmcusername SQL Injection Title: phpMyChat Plus 1.98 - 'pmcusername' SQL Injection Date: 2020-02-13 Exploit Author: J3rryBl4nks Vendor Homepage: http://ciprianmp.com/latest/ Software Link: https://sourceforge.net/projects/phpmychat/files/phpMyChatPlus/ Version MyChat Plus 1....
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps t...
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
usersctp - Out-of-Bounds Reads in sctploadaddressesfrominit ''' usersctp is SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctploadaddressesfrominit function of usersctp that can lead to a number of out-of-bound reads. The input to...
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Wago PFC200 - Authenticated Remote Code Execution Metasploit Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution',...
Hospital Management System 4.0 - Persistent Cross-Site Scripting
Hospital Management System 4.0 - Persistent Cross-Site Scripting Exploit Title: Hospital Management System 4.0 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-01-02 Exploit Author: FULLSHADE Vendor Homepage: https://phpgurukul.com/ Software Link:...
SpotAuditor 5.3.2 - Base64 Local Buffer Overflow (SEH)
SpotAuditor 5.3.2 - Base64 Local Buffer Overflow SEH Exploit Title: SpotAuditor 5.3.2 - 'Base64' Local Buffer Overflow SEH Exploit Author: Kirill Nikolaev Date: 2019-12-06 Vulnerable Software: SpotAuditor Vendor Homepage: http://www.nsauditor.com/ Version: 5.3.2 Software Link:...
Nsauditor 3.1.8.0 - Name Denial of Service (PoC)
Nsauditor 3.1.8.0 - Name Denial of Service PoC Exploit Title: Nsauditor 3.1.8.0 - 'Name' Denial of Service PoC Discovery by: SajjadBnd Date: 2019-11-30 Vendor Homepage: http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.8.0...
InduSoft Web Studio 8.1 SP1 - _Atributos_ Denial of Service (PoC)
InduSoft Web Studio 8.1 SP1 - Atributos Denial of Service PoC Exploit Title: InduSoft Web Studio 8.1 SP1 - "Atributos" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2019-11-23 Vendor Homepage: http://www.indusoft.com/ Software Link : http://www.indusoft.com/Products-Downloads Teste...
Adrenalin Core HCM 5.4.0 - strAction Reflected Cross-Site Scripting
Adrenalin Core HCM 5.4.0 - strAction Reflected Cross-Site Scripting Exploit Title: Adrenalin Core HCM 5.4.0 - 'strAction' Reflected Cross-Site Scripting Google Dork: NA Date: 2018-09-06 Exploit Author: Rishu Ranjan Cy83rl0gger Vendor Homepage: https://www.myadrenalin.com/ Software Link:...
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting
Jenkins build-metrics plugin 1.3 - label Cross-Site Scripting Exploit Title: Jenkins build-metrics plugin 1.3 - 'label' Cross-Site Scripting Date: 2019-11-06 Exploit Author: vesche Austin Jackson Vendor Homepage: https://plugins.jenkins.io/build-metrics Version: Jenkins build-metrics plugin 1.3 a...
Ajenti 2.1.31 - Remote Code Exection (Metasploit)
Ajenti 2.1.31 - Remote Code Exection Metasploit Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires...
Joomla! 3.4.6 - Remote Code Execution (Metasploit)
Joomla! 3.4.6 - Remote Code Execution Metasploit Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0...
Podman Varlink 1.5.1 - Remote Code Execution
Podman Varlink 1.5.1 - Remote Code Execution Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit Author: Jeremy Brown Date: 2019-10-15 Vendor Homepage: https://podman.io/ Software Link: dnf install podman or https://github.com/containers/libpod/releases Version: 1.5.1 Tested on:...
Ajenti 2.1.31 - Remote Code Execution
Ajenti 2.1.31 - Remote Code Execution Title: Ajenti 2.1.31 - Remote Code Execution Author: Jeremy Brown Date: 2019-10-13 Software Link: https://github.com/ajenti/ajenti CVE: N/A Tested on: Ubuntu Linux !/usr/bin/python ajentix.py Ajenti Remote Command Execution Exploit ------- Details -------...
PHP 7.0 7.3 (Unix) - gc disable_functions Bypass
PHP 7.0 7.3 Unix - gc disablefunctions Bypass = 0; $j-- $address = 8; return $out; function write&$str, $p, $v, $n = 8 $i = 0; for$i = 0; $i = 8; function leak$addr, $p = 0, $s = 8 global $abc, $helper; write$abc, 0x68, $addr + $p - 0x10; $leak = strlen$helper-a; if$s != 8 $leak %= 2 $s 8 - 1;...
SQL Server Password Changer 1.90 - Denial of Service
SQL Server Password Changer 1.90 - Denial of Service Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested...
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables
Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables -----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used i...
D-Link DIR-600M - Authentication Bypass (Metasploit)
D-Link DIR-600M - Authentication Bypass Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CVE-2019-13101 D-Link DIR-600M Incorrect Access Control', 'Description' = %q This module...
Windows PowerShell - Unsanitized Filename Command Execution
Windows PowerShell - Unsanitized Filename Command Execution ''' + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-POWERSHELL-UNSANITIZED-FILENAME-COMMAND-EXECUTION.txt + ISR: Apparition Security Vendor...
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass
CentOS Control Web Panel 0.9.8.836 - Authentication Bypass Exploit Title: CWP CentOS Control Web Panel ||//...
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass Remote Command Execution
Citrix SD-WAN Appliance 10.2.2 - Authentication Bypass Remote Command Execution Exploit Title: Citrix SD-WAN Appliance 10.2.2 Auth Bypass and Remote Command Execution Date: 2019-07-12 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.citrix.com Product: Citrix SD-WAN Software Link:...
WordPress Plugin Like Button 1.6.0 - Authentication Bypass
WordPress Plugin Like Button 1.6.0 - Authentication Bypass Exploit Title: WP Like Button 1.6.0 - Auth Bypass Date: 05-Jul-19 Exploit Author: Benjamin Lim Vendor Homepage: http://www.crudlab.com Software Link: https://wordpress.org/plugins/wp-like-button/ Version: 1.6.0 CVE : CVE-2019-13344 1...
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Linux - Use-After-Free via race Between modifyldt and BR Exception / When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking...
BlogEngine.NET 3.3.63.3.7 - XML External Entity Injection
BlogEngine.NET 3.3.63.3.7 - XML External Entity Injection Exploit Title: Out-of-band XML External Entity Injection on BlogEngine.NET Date: 19 June 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10718 1. Description...
Cyberoam General Authentication Client 2.1.2.7 - Server Address Denial of Service (PoC)
Cyberoam General Authentication Client 2.1.2.7 - Server Address Denial of Service PoC Exploit Title: Cyberoam General Authentication Client 2.1.2.7 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-23 Vendor Homepage: https://www.cyberoam.com Software Link:...
Nagios XI 5.6.1 - SQL injection
Nagios XI 5.6.1 - SQL injection Exploit Title: Nagiosxi username sql injection Date: 22/05/2019 Exploit Author: JameelNabbo Website: jameelnabbo.com Vendor Homepage: https://www.nagios.com Software Link: https://www.nagios.com/products/nagios-xi/ Version: xi-5.6.1 Tested on: MacOSX CVE:...
Horde Webmail 5.2.22 - Multiple Vulnerabilities
Horde Webmail 5.2.22 - Multiple Vulnerabilities Title: Horde Webmail - XSS + CSRF to SQLi, RCE, Stealing Emails var url = "http://webmail.victimserver.com/trean/"; var params =...
Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized
Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion LICM in DFG JIT Leaves Stack Variable Uninitialized While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with...
TwistedBrush Pro Studio 24.06 - Resize Image Denial of Service (PoC)
TwistedBrush Pro Studio 24.06 - Resize Image Denial of Service PoC -- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link...
Hyvikk Fleet Manager - Shell Upload
Hyvikk Fleet Manager - Shell Upload ======================================================================================== | Fleet Manager hyvikk Shell Upload Date: 29-04-2019 Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage:...
Linux - page-_refcount Overflow via FUSE
Linux - page-refcount Overflow via FUSE Linux: page-refcount overflow via FUSE with 140GiB RAM usage Tested on: Debian Buster distro kernel "4.19.0-1-amd64 1 SMP Debian 4.19.12-1 2018-12-22" KVM guest with 160000MiB RAM A while back, there was some discussion about possible overflows of the...
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUMACCESS DesiredAccess Privilege Escalation Windows: LUAFV Delayed Virtualization MAXIMUMACCESS DesiredAccess EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service...
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal Authenticated Arbitrary File Deletion
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal Authenticated Arbitrary File Deletion Exploit Title: Joomla Core 1.5.0 through 3.9.4 - Directory Traversal && Authenticated Arbitrary File Deletion Date: 2019-March-13 Exploit Author: Haboob Team Web Site: haboob.sa Email: [email protected] Softwar...
Microsoft Internet Explorer 11 - XML External Entity Injection
Microsoft Internet Explorer 11 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor...
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
ManageEngine ServiceDesk Plus 9.3 - User Enumeration Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Date: 2019-03-29 Exploit Author: Operat0r Vendor Homepage: https://www.manageengine.com/ Software Link:...
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion ''' Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Date: 02/13/2019 Exploit Author: 0v3rride Vendor Homepage:...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML !-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when...
TheCarProject 2 - Multiple SQL Injection
TheCarProject 2 - Multiple SQL Injection =========================================================================================== Exploit Title: TheCarProject v2 - 'manid' SQL Inj. Dork: N/A Date: 17-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://thecarproject.org/ Software...
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
Intel Modular Server System 10.18 - Cross-Site Request Forgery Change Admin Password history.pushState'', 't00t', 'index.php'...
XAMPP 5.6.8 - SQL Injection Persistent Cross-Site Scripting
XAMPP 5.6.8 - SQL Injection Persistent Cross-Site Scripting !-- Exploit Title: Cross Site Scripting in XAMPP 5.6.8 and previous Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: https://sourceforge.net/projects/xampp/files/XAMPP%20Windows/5.6.8/ Software Link:...
Jenkins 2.150.2 - Remote Command Execution (Metasploit)
Jenkins 2.150.2 - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Jenkins %q This module can run commands on the system using Jenkins user...
AMAC Address Change 5.4 - Denial of Service (PoC)
AMAC Address Change 5.4 - Denial of Service PoC Exploit Title: a-Mac Address Change v5.4 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://amac.paqtool.com/ Software Link : http://amac.paqtool.com/ Tested Version: 5.4 Tested on: Windows XP SP3...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3...
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...