41207 matches found
Zyxel_ EMG2926 V1.00(AAQT.4)b8 - OS Command Injection
Zyxel EMG2926 V1.00AAQT.4b8 - OS Command Injection Exploit Title: Zyxel, EMG2926 /expert/maintenance/diagnostic/nslookup?nslookupbutton=nslookupbutton&pingip=google.ca%3b%20cat%20/etc/passwd&serverip= HTTP/1.1 Host: 192.168.0.1 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 Macintosh; Intel...
Pixie 1.0.4 - Arbitrary File Upload
Pixie 1.0.4 - Arbitrary File Upload Exploit Title: File Extension Filter Bypass in File Manager Pixie 1.0.4 With Low Privilege Google Dork: no Date: 02-April-2017 Exploit Author: @runggareksya, @dvnrcy, @dickysofficial Vendor Homepage: http://www.getpixie.co.uk Software Link:...
Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation
Linux Kernel PonyOS 4.0 - fluttershy LDLIBRARYPATH Local Privilege Escalation !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running...
Microsoft Xbox One 10.0.14393.2152 - Code Execution (PoC)
Microsoft Xbox One 10.0.14393.2152 - Code Execution PoC For Xbox-SystemOS version: 10.0.14393.2152 rs1xboxrel1610 161208-1218 fre, 12/14/2016 Other versions will most likely need modifications to the script. Credits: - https://github.com/theori-io/chakra-2016-11 -...
Membership Formula - order SQL Injection
Membership Formula - order SQL Injection Exploit Title: Membership Formula - Best Membership Site PHP Script - SQL Injection Google Dork: N/A Date: 31.03.2017 Vendor Homepage: http://www.zeescripts.com/ Software:...
Splunk Enterprise - Information Disclosure
Splunk Enterprise - Information Disclosure + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SPLUNK-ENTERPRISE-INFORMATION-THEFT.txt + ISR: ApparitionSec Vendor: =============== www.splunk.com Product: ==================...
Apple macOSIOS 10.12.2 (16C67) - mach_msg Heap Overflow
Apple macOSIOS 10.12.2 16C67 - machmsg Heap Overflow / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1083 When sending ool memory via |machmsg| with |deallocate| flag or |MACHMSGVIRTUALCOPY| flag, |machmsg| performs moving the memory to the destination process instead of copyi...
EyesOfNetwork (EON) 5.1 - SQL Injection
EyesOfNetwork EON 5.1 - SQL Injection Exploit Title: EyesOfNetwork EON 5.1 Unauthenticated SQL Injection in eonweb leading to remote root Google Dork: intitle:EyesOfNetwork intext:"sponsored by AXIANS" Date: 29/03/2017 Exploit Author: Dany Bach Vendor Homepage: https://www.eyesofnetwork.com/...
DiskBoss Enterprise 7.8.16 - Import Command Local Buffer Overflow
DiskBoss Enterprise 7.8.16 - Import Command Local Buffer Overflow !/usr/bin/env python Exploit Title: DiskBoss Enterprise v7.8.16 - 'Import Command' Buffer Overflow Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage: http://www.diskboss.com...
Disk Sorter Enterprise 9.5.12 - Import Command Local Buffer Overflow
Disk Sorter Enterprise 9.5.12 - Import Command Local Buffer Overflow !/usr/bin/env python Exploit Title: DiskSorter Enterprise 9.5.12 - 'Import Command' Buffer Overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage:...
Opensource Classified Ads Script - keyword SQL Injection
Opensource Classified Ads Script - keyword SQL Injection Exploit Title: Opensource Classified Ads Script - SQL Injection Google Dork: N/A Date: 29.03.2017 Vendor Homepage: http://www.2daybiz.com/ Software: http://www.professionalclassifiedscript.com/downloads/opensource-classified-ads-script-2/...
Sync Breeze Enterprise 9.5.16 - GET Remote Buffer Overflow (SEH)
Sync Breeze Enterprise 9.5.16 - GET Remote Buffer Overflow SEH !/usr/bin/env python Exploit Title: Sync Breeze Enterprise v9.5.16 - Remote buffer overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Vendor Homepage: http://syncbreeze.com Software Link:...
Sync Breeze Enterprise 9.5.16 - Import Command Local Buffer Overflow
Sync Breeze Enterprise 9.5.16 - Import Command Local Buffer Overflow !/usr/bin/env python Exploit Title: Sync Breeze Enterprise 9.5.16 - 'Import Command' Buffer Overflow SEH Date: 2017-03-29 Exploit Author: Daniel Teixeira Author Homepage: www.danielteixeira.com Vendor Homepage:...
DzSoft PHP Editor 4.2.7 - File Enumeration
DzSoft PHP Editor 4.2.7 - File Enumeration + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/DZSOFT-v4.2.7-PHP-EDITOR-FILE-ENUMERATION.txt + ISR: ApparitionSec Vendor: ============== www.dzsoft.com Product:...
MikroTik RouterBoard 6.38.5 - Denial of Service
MikroTik RouterBoard 6.38.5 - Denial of Service !/usr/local/bin/perl use Socket; $srchost = $ARGV0; $srcport = $ARGV1; $dsthost = $ARGV2; $dstport = $ARGV3; if!defined $srchost or !defined $srcport or !defined $dsthost or !defined $dstport print "Usage: $0 \n";...
Intermec PM43 Industrial Printer - Local Privilege Escalation
Intermec PM43 Industrial Printer - Local Privilege Escalation TITLE: Intermec Industrial Printers Local root with Busybox jailbreak Date: March 28th, 2017 Author: Bourbon Jean-marie kmkz from AKERVA company | @kmkzsecurity Product Homepage: http://www.intermec.com/products/prtrpm43a/ Firmware...
VX Search Enterprise 9.5.12 - Verify Email Buffer Overflow
VX Search Enterprise 9.5.12 - Verify Email Buffer Overflow author = ''' Created: ScrR1pTK1dd13 Name: Greg Priest Mail: [email protected] Exploit Title: VX Search Enterprise v9.5.12 email verify exploit Date: 2017.03.28 Exploit Author: Greg Priest Version: VX Search Enterprise v9.5.12...
Microsoft Outlook - HTML Email Denial of Service
Microsoft Outlook - HTML Email Denial of Service Source: https://justhaifei1.blogspot.ca/2017/03/an-interesting-outlook-bug.html When you send this email to someone, when he/she just read the email, Outlook will crash. MSRC told me that they think it's a non-exploitable bug and it seems that they...
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory
Samba 4.5.2 - Symlink Race Permits Opening Files Outside Share Directory Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1039 The Samba server is supposed to only grant access to configured share directories unless "wide links" are enabled, in which case the server is allowed to...
Nuxeo 6.07.17.27.3 - Remote Code Execution (Metasploit)
Nuxeo 6.07.17.27.3 - Remote Code Execution Metasploit =begin Description Nuxeo Platform is a content management system for enterprises CMS. It embeds an Apache Tomcat server, and can be managed through a web interface. One of its features allows authenticated users to import files to the platform...
EyesOfNetwork (EON) 5.0 - Remote Code Execution
EyesOfNetwork EON 5.0 - Remote Code Execution CVE-2017-6087 EON 5.0 Remote Code Execution Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. Remote Code Execution authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to execute...
CouponPHP CMS 3.1 - code SQL Injection
CouponPHP CMS 3.1 - code SQL Injection Exploit Title: CouponPHP Script v3.1 - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://couponphp.com/ Software: http://couponphp.com/demos Demo: http://newdemo2.couponphp.com Demo: http://newdemo3.couponphp.com Version: 3.1 Tested on:...
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow
Disk Sorter Enterprise 9.5.12 - Local Buffer Overflow + Title: Disk Sorter Server v9.5.12 - Local Stack-based buffer overflow + Credits / Discovery: Nassim Asrir + Author Email: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE: N/A Vendo...
Professional Bus Booking Script - hid_Busid SQL Injection
Professional Bus Booking Script - hidBusid SQL Injection Exploit Title: Professional Bus Booking Script - SQL Injection Google Dork: N/A Date: 27.03.2017 Vendor Homepage: http://travelbookingscript.com/ Software: http://travelbookingscript.com/professional-bus-booking-script.html Demo:...
Apple Safari - Out-of-Bounds Read when Calling Bound Function
Apple Safari - Out-of-Bounds Read when Calling Bound Function var ba; function s alert"in s"; ba = this; function g alert"in g"; return...
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode
Apple Safari - Builtin JavaScript Allows Function.caller to be Used in Strict Mode var q; function g //print"in g"; //printarguments.caller; //printg.caller; q = g.caller; //printg.caller; return 7; var a = 1, 2, 3; Object.defineProperty Array.prototype, "...
Apple Safari - DateTimeFormat.format Type Confusion
Apple Safari - DateTimeFormat.format Type Confusion var date = new DateDate.UTC2012, 11, 20, 3, 0, 0; var i = new Intl.DateTimeFormat; //printi; var q; function f //print"in f"; //printf.caller; q = f.caller; return 10; try i.formatvalueOf : f; catche //print"problem"; //printq; q.call0x77777777;...
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow
Microsoft IIS 6.0 - WebDAV ScStoragePathFromUrl Remote Buffer Overflow ''' Description:Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services IIS 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a lo...
inoERP 0.6.1 - Cross-Site Scripting Cross-Site Request Forgery SQL Injection Session Fixation
inoERP 0.6.1 - Cross-Site Scripting Cross-Site Request Forgery SQL Injection Session Fixation === FOXMOLE - Security Advisory 2017-01-25 === inoERP - Multiple Issues Affected Versions ================= inoERP 0.6.1 Issue Overview ============== Vulnerability Type: SQL Injection, Cross Site...
QNAP QTS 4.2.4 - Domain Privilege Escalation
QNAP QTS 4.2.4 - Domain Privilege Escalation QNAP QTS Domain Privilege Escalation Vulnerability Name Sensitive Data Exposure in QNAP QTS Systems Affected QNAP QTS NAS all model and all versions 4.2.4 Severity High 7.9/10 Impact CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L Vendor...
EyesOfNetwork (EON) 5.0 - SQL Injection
EyesOfNetwork EON 5.0 - SQL Injection CVE-2017-6088 EON 5.0 Multiple SQL Injection Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. SQL injection authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to inject arbitrary SQL...
Parcel Delivery Booking Script 1.0 - SQL Injection
Parcel Delivery Booking Script 1.0 - SQL Injection Exploit Title: Parcel Delivery Booking Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/parcel-delivery-booking-script Demo:...
B2B Marketplace Script 2.0 - SQL Injection
B2B Marketplace Script 2.0 - SQL Injection Exploit Title: B2B Marketplace Script v2.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://eaglescripts.com/php-b2b-marketplace-script-v2 Demo: http://demob2b.xyz/ Version: 2.0 Tested on: Win...
Courier Tracking Software 6.0 - SQL Injection
Courier Tracking Software 6.0 - SQL Injection Exploit Title: Courier Tracking Software v6.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/courier-tracking-software-ver-6 Demo:...
Just Another Video Script 1.4.3 - SQL Injection
Just Another Video Script 1.4.3 - SQL Injection Exploit Title: Just Another Video Script 1.4.3 - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://justanothervideoscript.com/ Software: http://justanothervideoscript.com/demo Demo: http://javsdemo.com/ Version: 1.4.3 Tested on...
Microsoft Visual Studio 2015 update 3 - Denial of Service
Microsoft Visual Studio 2015 update 3 - Denial of Service / Exploit Title: Microsoft Visual Studio 2015 update 3 – Stack overflow Date: 2017-03-26 Exploit Author: Peter Baris Vendor Homepage: http://www.saptech-erp.com.au Software Link:...
Alibaba Clone Script - SQL Injection
Alibaba Clone Script - SQL Injection Exploit Title: Alibaba Clone Script - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://b2bbusinessdirectoryscript.com/alibaba-clone-script.html Demo: http://thealidemox.com Version: N/A Tested on: Win...
D-Link DCS-936L Network Camera - Cross-Site Request Forgery
D-Link DCS-936L Network Camera - Cross-Site Request Forgery Exploit Title: D-Link DCS-936L network camera incomplete/weak CSRF protection vulnerability Date: 26/03/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage:...
Hotel Booking Script 1.0 - SQL Injection
Hotel Booking Script 1.0 - SQL Injection Exploit Title: Hotel & Tour Package Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/hotel-booking-script Demo: http://hotelbooking.phpscriptsdemo.com/ Version:...
Php Real Estate Property Script - SQL Injection
Php Real Estate Property Script - SQL Injection Exploit Title: Real Estate Property Pro Script - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/php-property-portal-script Demo: http://realpro.phpscriptsdemo.com/...
Tour Package Booking 1.0 - SQL Injection
Tour Package Booking 1.0 - SQL Injection Exploit Title: Tour Package Booking v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: www.eaglescripts.com/tour-package-booking-script Demo: http://tourbooking.phpscriptsdemo.com/ Version: 1.0 Test...
Delux Same Day Delivery Script 1.0 - SQL Injection
Delux Same Day Delivery Script 1.0 - SQL Injection Exploit Title: Delux Same Day Delivery Script v1.0 - SQL Injection Google Dork: N/A Date: 26.03.2017 Vendor Homepage: http://eagletechnosys.com/ Software: http://www.eaglescripts.com/delux-same-day-delivery Demo:...
Adult Tube Video Script - SQL Injection
Adult Tube Video Script - SQL Injection Exploit Title: Adult Tube Video Script - SQL Injection Google Dork: N/A Date: 25.03.2017 Vendor Homepage: http://www.boysofts.com/ Software: http://www3.boysofts.com/xxx/freeadultvideotubescript.zip Demo:...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Pre-Anniversary) - Local Privilege Escalation
Fortinet FortiClient 5.2.3 Windows 10 x64 Pre-Anniversary - Local Privilege Escalation / Check this out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf Tested on: - Windows 10 Pro x64 Pre-Anniversary - hal.dll: 10.0.10240.16384 -...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Post-Anniversary) - Local Privilege Escalation
Fortinet FortiClient 5.2.3 Windows 10 x64 Post-Anniversary - Local Privilege Escalation / Check these out: - https://www.coresecurity.com/system/files/publications/2016/05/Windows%20SMEP%20bypass%20U%3DS.pdf - https://labs.mwrinfosecurity.com/blog/a-tale-of-bitmaps/ Tested on: - Windows 10 Pro x6...
Miele Professional PG 8528 - Directory Traversal
Miele Professional PG 8528 - Directory Traversal Title: ====== Miele Professional PG 8528 - Web Server Directory Traversal Author: ======= Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2017-7240 Risk Information: ================= Risk Factor: Medium CVSS Base Score:...
NETGEAR WNR2000v5 - hidden_lang_avi Remote Stack Overflow (Metasploit)
NETGEAR WNR2000v5 - hiddenlangavi Remote Stack Overflow Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'time' class MetasploitModule 'NETGEAR WNR2000v5 Unauthenticated hiddenlanga...
Gr8 Gallery Script - SQL Injection
Gr8 Gallery Script - SQL Injection Exploit Title: Gr8 Gallery Script - SQL Injection Google Dork: N/A Date: 24.03.2017 Vendor Homepage: http://gr8script.com/ Software: http://gr8script.com/gr8gallery.php Demo: http://www.gr8script.com/gr8gallery/ Version: N/A Tested on: Win7 x64, Kali Linux x64...
Gr8 Tutorial Script - SQL Injection
Gr8 Tutorial Script - SQL Injection Exploit Title: Gr8 Tutorial Script - SQL Injection Google Dork: N/A Date: 24.03.2017 Vendor Homepage: http://gr8script.com/ Software: http://gr8script.com/gr8tutorialscript.php Demo: http://www.gr8script.com/gr8tutorial/ Version: N/A Tested on: Win7 x64, Kali...
Logsign 4.4.24.4.137 - Remote Command Injection (Metasploit)
Logsign 4.4.24.4.137 - Remote Command Injection Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Logsign Remote Command Injection', 'Description' = %q This module exploits an command...