Sophos Web Appliance 4.3.1.1 - Session Fixation
Sophos Web Appliance 4.3.1.1 - Session Fixation Exploit Title: Sophos Secure Web Appliance Session Fixation Vulnerability Date: 28/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: https://www.sophos.com/en-us/products/secure-web-gateway.aspx Version: Tested on Sophos W...
Joomla! Component OneVote! 1.0 - SQL Injection
Joomla! Component OneVote! 1.0 - SQL Injection Exploit Title: Joomla! Component OneVote! v1.0 - SQL Injection Google Dork: inurl:index.php?option=comonevote Date: 27.02.2017 Vendor Homepage: http://advcomsys.com/ Software:...
WePresent WiPG-1500 - Backdoor Account
WePresent WiPG-1500 - Backdoor Account Exploit Title: CVE-2017-6351 - WePresent undocumented privileged manufacturer backdoor account Date: 27/02/2017 Exploit Author: Quentin Olagne Vendor Homepage: http://www.wepresentwifi.com/ or http://www.awindinc.com/productswepresentwipg1500.html Software...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free (PoC)
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free PoC // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A trigger for CVE-2017-6074, crashes kernel. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. // https://github.com/xairy/kernel-exploits/tree/master/CVE-2017-6074 // //...
Linux Kernel 4.4.0 (Ubuntu) - DCCP Double-Free Privilege Escalation
Linux Kernel 4.4.0 Ubuntu - DCCP Double-Free Privilege Escalation // // EDB Note: More information http://seclists.org/oss-sec/2017/q1/471 // // A proof-of-concept local root exploit for CVE-2017-6074. // Includes a semireliable SMAP/SMEP bypass. // Tested on 4.4.0-62-generic 83-Ubuntu kernel. //...
Joomla! Component My MSG 3.2.1 - SQL Injection
Joomla! Component My MSG 3.2.1 - SQL Injection Exploit Title: Joomla! Component My MSG v3.2.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : https://www.cmsplugin.com/products/components/10-my-msg Demo:...
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection Exploit Title: Joomla! Component Appointments for JomSocial v3.8.1 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software :...
Joomla! Component JomSocial - SQL Injection
Joomla! Component JomSocial - SQL Injection Exploit Title: Joomla! Component JomSocial - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : http://extensions.cmsplugin.com/extensions/j3demo/jomsocial Demo:...
NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution
NETGEAR DGN2200v1v2v3v4 - dnslookup.cgi Remote Command Execution !/usr/bin/python Provides access to default user account, privileges can be easily elevated by using either: - a kernel exploit ex. memodipper was tested and it worked - by executing /bin/bd suid backdoor present on SOME but not all...
Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection
Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection Exploit Title: Joomla! Component Intranet Attendance Track v2.6.5 - SQL Injection Google Dork: inurl:index.php?option=comintranet Date: 25.02.2017 Vendor Homepage: http://thagatpam.in/ Software Buy:...
Joomla! Component Gnosis 1.1.2 - id SQL Injection
Joomla! Component Gnosis 1.1.2 - id SQL Injection Exploit Title: Joomla! Component Gnosis v1.1.2 - SQL Injection Google Dork: inurl:index.php?option=comgnosis Date: 25.02.2017 Vendor Homepage: http://hypermodern.org/ Software :...
Joomla! Component Spinner 360 1.3.0 - SQL Injection
Joomla! Component Spinner 360 1.3.0 - SQL Injection Exploit Title: Joomla! Component Spinner 360 v1.3.0 - SQL Injection Google Dork: N/A Date: 25.02.2017 Vendor Homepage: https://www.cmsplugin.com/ Software : https://www.cmsplugin.com/products/components/13-spinner360 Demo:...
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass
Apple WebKit 10.0.2 - Cross-Origin or Sandboxed IFRAME Pop-up Blocker Bypass DOMWindow::openconst String& urlString, const AtomicString& frameName, const String& windowFeaturesString, DOMWindow& activeWindow, DOMWindow& firstWindow ... ---------------- 1 ----------------------- if...
Microsoft Edge Internet Explorer - HandleColumnBreakOnColumnSpanningElement Type Confusion
Microsoft Edge Internet Explorer - HandleColumnBreakOnColumnSpanningElement Type Confusion .class1 float: left; column-count: 5; .class2 column-span: all; columns: 1px; table border-spacing: 0px; function boom document.styleSheets0.media.mediaText = "aaaaaaaaaaaaaaaaaaaa"; th1.align = "right"; !-...
Joomla! Component AJAX Search for K2 2.2 - SQL Injection
Joomla! Component AJAX Search for K2 2.2 - SQL Injection Exploit Title: Joomla! Component AJAX Search for K2 v2.2 - SQL Injection Google Dork: inurl:index.php?option=comk2ajaxsearch Date: 24.02.2017 Vendor Homepage: http://taleia.software/ Software Buy:...
Joomla! Component GPS Tools 4.0.1 - SQL Injection
Joomla! Component GPS Tools 4.0.1 - SQL Injection Exploit Title: Joomla! Component GPS Tools v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comgpstools Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy:...
Joomla! Component Community Polls 4.5.0 - SQL Injection
Joomla! Component Community Polls 4.5.0 - SQL Injection Exploit Title: Joomla! Component Community Polls v4.5.0 - SQL Injection Google Dork: inurl:index.php?option=comcommunitypolls Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy:...
Joomla! Component Community Quiz 4.3.5 - SQL Injection
Joomla! Component Community Quiz 4.3.5 - SQL Injection Exploit Title: Joomla! Component Community Quiz v4.3.5 - SQL Injection Google Dork: inurl:index.php?option=comcommunityquiz Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy:...
Joomla! Component JooDatabase 3.1.0 - SQL Injection
Joomla! Component JooDatabase 3.1.0 - SQL Injection Exploit Title: Joomla! Component JooDatabase v3.1.0 - SQL Injection Google Dork: inurl:index.php?option=comjoodb Date: 24.02.2017 Vendor Homepage: https://feenders.de/ Software Buy:...
Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting
Apple WebKit 10.0.2 - FrameLoader::clear Universal Cross-Site Scripting domWindow; mframe.document-domWindow-resetUnlessSuspendedForDocumentSuspension; mframe.script.clearWindowShellnewDocument-domWindow, mframe.document-pageCacheState == Document::AboutToEnterPageCache; / Apple WebKit: UXSS via...
Apple WebKit 10.0.2 - Frame::setDocument Universal Cross-Site Scripting
Apple WebKit 10.0.2 - Frame::setDocument Universal Cross-Site Scripting && newDocument ASSERT!newDocument || newDocument-frame == this; if mdoc && mdoc-pageCacheState != Document::InPageCache mdoc-prepareForDestruction; mdoc = newDocument.copyRef; ... Before setting |mdoc| to |newDocument|, it...
Joomla! Component JO Facebook Gallery 4.5 - SQL Injection
Joomla! Component JO Facebook Gallery 4.5 - SQL Injection Exploit Title: Joomla! Component JO Facebook Gallery v4.5 - SQL Injection Google Dork: inurl:index.php?option=comjofacebookgallery Date: 24.02.2017 Vendor Homepage: http://joomcore.com/joomla32/ Software Buy:...
memcache-viewer - Cross-Site Scripting
memcache-viewer - Cross-Site Scripting Exploit Title: memcache-viewer - Stored XSS Date: 2017-02-24 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/chrisjameskirkham/memcache-viewer Software Link:...
Joomla! Component Community Surveys 4.3 - SQL Injection
Joomla! Component Community Surveys 4.3 - SQL Injection Exploit Title: Joomla! Component Community Surveys v4.3 - SQL Injection Google Dork: inurl:index.php?option=comcommunitysurveys Date: 24.02.2017 Vendor Homepage: http://corejoomla.com/ Software Buy:...
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read
Apple macOS HelpViewer 10.12.1 - XSS Leads to Arbitrary File Execution Arbitrary File Read / OSX: HelpViewer XSS leads to arbitrary file execution and arbitrary file read. HelpViewer is an application and using WebView to show a help file. You can see it simply by the command: open...
Joomla! Component UserExtranet 1.3.1 - SQL Injection
Joomla! Component UserExtranet 1.3.1 - SQL Injection Exploit Title: Joomla! Component UserExtranet v1.3.1 - SQL Injection Google Dork: inurl:index.php?option=comuserextranet Date: 23.02.2017 Vendor Homepage: http://www.beesto.com/ Software Buy:...
Joomla! Component MultiTier 3.1 - SQL Injection
Joomla! Component MultiTier 3.1 - SQL Injection Exploit Title: Joomla! Component MultiTier v3.1 - SQL Injection Google Dork: inurl:index.php?option=commultitier Date: 23.02.2017 Vendor Homepage: http://www.beesto.com/ Software Buy:...
NetGain Enterprise Manager 7.2.562 - Ping Command Injection
Joomla! Component Store for K2 3.8.2 - SQL Injection
Joomla! Component Store for K2 3.8.2 - SQL Injection Exploit Title: Joomla! Component Store for K2 v3.8.2 - SQL Injection Google Dork: inurl:index.php?option=comk2store Date: 23.02.2017 Vendor Homepage: http://jworkplace.com/ Software Buy:...
Joomla! Component RealEstateManager 3.9 - SQL Injection
Joomla! Component RealEstateManager 3.9 - SQL Injection Exploit Title: Joomla! Component RealEstateManager v3.9 - SQL Injection Google Dork: inurl:index.php?option=comrealestatemanager Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Joomla! Component VehicleManager 3.9 - SQL Injection
Joomla! Component VehicleManager 3.9 - SQL Injection Exploit Title: Joomla! Component VehicleManager v3.9 - SQL Injection Google Dork: inurl:index.php?option=comvehiclemanager Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Disk Savvy Enterprise 9.4.18 - Remote Buffer Overflow (SEH)
Disk Savvy Enterprise 9.4.18 - Remote Buffer Overflow SEH Exploit Title: DiskSavvy Enterprise 9.4.18 - Remote buffer overflow - SEH overwrite with WoW64 egghunters Date: 2017-02-22 Exploit Author: Peter Baris Vendor Homepage: www.saptech-erp.com.au Software Link:...
Google Chrome - layout Out-of-Bounds Read
Google Chrome - layout Out-of-Bounds Read content contain: size layout; function leak document.execCommand"selectAll"; opt.text = ""; aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa...
EasyCom For PHP 4.0.0 - Denial of Service
EasyCom For PHP 4.0.0 - Denial of Service + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-SQL-IPLUG-DENIAL-OF-SERVICE.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product: =========== SQL iPl...
Fibaro Home Center 2 - Remote Command Execution Privilege Escalation
Fibaro Home Center 2 - Remote Command Execution Privilege Escalation !/usr/bin/python import requests import argparse import urllib import base64 import tarfile import os parser = argparse.ArgumentParserdescription='Fibaro RCE' parser.addargument'--rhost' parser.addargument'--lhost'...
Joomla! Component ContentMap 1.3.8 - contentid SQL Injection
Joomla! Component ContentMap 1.3.8 - contentid SQL Injection Exploit Title: Joomla! Component ContentMap v1.3.8 - SQL Injection Google Dork: inurl:index.php?option=comcontentmap Date: 22.02.2017 Vendor Homepage: https://www.turismo.eu/ Software Buy:...
Joomla! Component BookLibrary 3.6.1 - SQL Injection
Joomla! Component BookLibrary 3.6.1 - SQL Injection Exploit Title: Joomla! Component BookLibrary v3.6.1 - SQL Injection Google Dork: inurl:index.php?option=combooklibrary Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection
Joomla! Component MediaLibrary Basic 3.5 - SQL Injection Exploit Title: Joomla! Component MediaLibrary Basic v3.5 - SQL Injection Google Dork: inurl:index.php?option=combooklibrary Date: 22.02.2017 Vendor Homepage: http://ordasoft.com/ Software Buy:...
Teradici Management Console 2.2.0 - Privilege Escalation
Teradici Management Console 2.2.0 - Privilege Escalation Exploit Title: Teradici Management Console 2.2.0 - Web Shell Upload and Privilege Escalation Date: February 22nd, 2017 Exploit Author: hantwister Vendor Homepage:...
EasyCom For PHP 4.0.0 - Buffer Overflow (PoC)
EasyCom For PHP 4.0.0 - Buffer Overflow PoC + Credits: John Page AKA Hyp3rlinX + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/EASYCOM-PHP-API-BUFFER-OVERFLOW.txt + ISR: ApparitionSec Vendor: ================ easycom-aura.com Product:...
D-Link DCS Series Cameras - Insecure Crossdomain
D-Link DCS Series Cameras - Insecure Crossdomain Exploit Title: Insecure CrossDomain.XML in D-Link DCS Series Cameras Date: 22/02/2017 Exploit Author: SlidingWindow , Twitter: @KapilKhot Vendor Homepage: http://us.dlink.com/product-category/home-solutions/view/network-cameras/ Version: Tested on...
Adobe Flash - Use-After-Free in Applying Bitmap Filter
Adobe Flash - Use-After-Free in Applying Bitmap Filter Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1007 The attached swf causes a use-after-free in applying bitmap filters. Proof of Concept:...
ProjectSend r754 - Insecure Direct Object Reference
ProjectSend r754 - Insecure Direct Object Reference Document Title: =============== ProjectSend r754 - IDOR & Authentication Bypass Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2031 Release Date: ============= 2017-02-21 Vulnerability...
Adobe Flash - YUVPlane Decoding Heap Overflow
Adobe Flash - YUVPlane Decoding Heap Overflow Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1008 The attached FLV file causes a heap overflow in YUVPlane decoding. To reproduce, put LoadMP4.swf and yuvplane.flv on a server, and visit 127.0.0.1/LoadMP4.swf?file=yvplane.flv. Pro...
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection Exploit Title: Joomla! Component J-BusinessDirectory v4.6.8 - SQL Injection Google Dork: inurl:index.php?option=comjbusinessdirectory Date: 21.02.2017 Vendor Homepage: http://www.cmsjunkie.com/ Software Buy:...
Grails PDF Plugin 0.6 - XML External Entity Injection
Grails PDF Plugin 0.6 - XML External Entity Injection Exploit Title: Grails PDF Plugin 0.6 XXE Date: 21/02/2017 Vendor Homepage: http://www.grails.org/plugin/pdf Software Link: https://github.com/aeischeid/grails-pdfplugin Exploit Author: Charles FOL Contact: https://twitter.com/ambionics Website...
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection Exploit Title: Joomla! Component Magic Deals Web v1.2.0 - SQL Injection Google Dork: inurl:index.php?option=commagicdealsweb Date: 21.02.2017 Vendor Homepage: http://jasonwebdesign.com/ Software Buy:...
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection Exploit Title: Joomla! Component AppointmentBookingPro v4.0.1 - SQL Injection Google Dork: inurl:index.php?option=comrsapptpro3 Date: 21.02.2017 Vendor Homepage: http://appointmentbookingpro.com/ Software Buy:...
Lock Photos AlbumVideos Safe 4.3 - Directory Traversal
Lock Photos AlbumVideos Safe 4.3 - Directory Traversal Document Title: =============== Lock Photos Album&Videos Safe v4.3 - Directory Traversal Vulnerability References Source: ==================== https://www.vulnerability-lab.com/getcontent.php?id=2032 Release Date: ============= 2017-02-21...
Adobe Flash - SWF Stack Corruption
Adobe Flash - SWF Stack Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1013 The attached fuzzed swf causes stack corruption when it is loaded, likely due to the parsing of the SWF file. Proof of Concept:...