41207 matches found
F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure
F5 BIG-IP 11.6 SSL Virtual Server - Ticketbleed Memory Disclosure Exploit Title: Ticketbleed Google Dork: n/a Date: Exploit: 02/13/17, Advisory Published: 02/09/17 Exploit Author: @0x00string Vendor Homepage: https://f5.com/ Software Link:...
LG G4 - lghashstorageserver Directory Traversal
LG G4 - lghashstorageserver Directory Traversal Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=987 The lghashstorageserver binder service /system/bin/lghashstorageserver implementation on the LG G4 is vulnerable to path traversal, allowing an app to read and write 0x20 bytes fr...
ShadeYouVPN Client 2.0.1.11 - Local Privilege Escalation
ShadeYouVPN Client 2.0.1.11 - Local Privilege Escalation Exploit ShadeYouVPN.com Client v2.0.1.11 for Windows Privilege Escalation Date: 14.02.2017 Software Link: https://shadeyouvpn.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/...
LG G4 - Touchscreen Driver write_log Kernel ReadWrite
LG G4 - Touchscreen Driver write_log Kernel ReadWrite Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=990 The following function and variations on the same code is used to write to files from kernel code in various touchscreen drivers. This copy is from...
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation
ntfs-3g - Unsanitized modprobe Environment Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1072 ntfs-3g is installed by default e.g. on Ubuntu and comes with a setuid root program /bin/ntfs-3g. When this program is invoked on a system whose kernel does not...
Google Android - Inter-process munmap in android.util.MemoryIntArray
Google Android - Inter-process munmap in android.util.MemoryIntArray Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1001 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the...
Google Android - android.util.MemoryIntArray Ashmem Race Conditions
Google Android - android.util.MemoryIntArray Ashmem Race Conditions Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1002 The MemoryIntArray class allows processes to share an in-memory array of integers by transferring an ashmem file descriptor. As the class implements the...
Joomla! Component JE Classify Ads 1.2 - pro_id SQL Injection
Joomla! Component JE Classify Ads 1.2 - pro_id SQL Injection Exploit Title: Joomla! Component JE Classify Ads 1.2 - SQL Injection Google Dork: inurl:index.php?option=comjeclassifyads Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Quiz 2.3 - SQL Injection
Joomla! Component JE Quiz 2.3 - SQL Injection Exploit Title: Joomla! Component JE Quiz 2.3 - SQL Injection Google Dork: inurl:index.php?option=comjequizmanagement Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Messanger - SQL Injection
Joomla! Component JE Messanger - SQL Injection Exploit Title: Joomla! Component JE Messanger - SQL Injection Google Dork: inurl:index.php?option=comjemessenger Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Portfolio Creator 1.2 - d_itemid SQL Injection
Joomla! Component JE Portfolio Creator 1.2 - d_itemid SQL Injection Exploit Title: Joomla! Component JE Portfolio Creator v1.2 - SQL Injection Google Dork: inurl:index.php?option=comjeportfolio Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Awd Song 1.8 - SQL Injection
Joomla! Component JE Awd Song 1.8 - SQL Injection Exploit Title: Joomla! Component JE Awd Song 1.8 - SQL Injection Google Dork: inurl:index.php?option=comjeawdsong Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE auction 1.6 - eid SQL Injection
Joomla! Component JE auction 1.6 - eid SQL Injection Exploit Title: Joomla! Component JE auction 1.6 - SQL Injection Google Dork: inurl:index.php?option=comjeauction Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Ticket System 1.2 - SQL Injection
Joomla! Component JE Ticket System 1.2 - SQL Injection Exploit Title: Joomla! Component JE Ticket System v1.2 - SQL Injection Google Dork: inurl:index.php?option=comjeticket Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Form Creator 1.8 - Itemid SQL Injection
Joomla! Component JE Form Creator 1.8 - Itemid SQL Injection Exploit Title: Joomla! Component JE Form Creator v1.8 - SQL Injection Google Dork: inurl:index.php?option=comjeformcr Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component Hbooking 1.9.9 - h_id SQL Injection
Joomla! Component Hbooking 1.9.9 - h_id SQL Injection Exploit Title: Joomla! Component Hbooking 1.9.9 - SQL Injection Google Dork: inurl:index.php?option=comhbooking Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE QuoteForm - Itemid SQL Injection
Joomla! Component JE QuoteForm - Itemid SQL Injection Exploit Title: Joomla! Component JE QuoteForm - SQL Injection Google Dork: inurl:index.php?option=comjequoteform Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
PHP Marketplace Script - SQL Injection
PHP Marketplace Script - SQL Injection Exploit Title : PHP Marketplace Script - Multiple SQL Injection Vulnerabilities Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage :...
Joomla! Component JE K2 Multiple Form Story 1.3 - Itemid SQL Injection
Joomla! Component JE K2 Multiple Form Story 1.3 - Itemid SQL Injection Exploit Title: Joomla! Component JE K2 Multiple Form Story v1.3 - SQL Injection Google Dork: inurl:index.php?option=comjek2storymultipleform Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Directory 1.7 - ditemid SQL Injection
Joomla! Component JE Directory 1.7 - ditemid SQL Injection Exploit Title: Joomla! Component JE Directory Ads 1.7 - SQL Injection Google Dork: inurl:index.php?option=comjedirectory Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Video Rate 1.0 - SQL Injection
Joomla! Component JE Video Rate 1.0 - SQL Injection Exploit Title: Joomla! Component JE Video Rate 1.0 - SQL Injection Google Dork: inurl:index.php?option=comjevideorate Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Grid Folio - id SQL Injection
Joomla! Component JE Grid Folio - id SQL Injection Exploit Title: Joomla! Component JE Grid Folio - SQL Injection Google Dork: inurl:index.php?option=comjegridfolio Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Gallery 1.3 - photo_id SQL Injection
Joomla! Component JE Gallery 1.3 - photo_id SQL Injection Exploit Title: Joomla! Component JE Gallery v1.3 - SQL Injection Google Dork: inurl:index.php?option=comjegallery Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Auto 1.5 - d_itemid SQL Injection
Joomla! Component JE Auto 1.5 - d_itemid SQL Injection Exploit Title: Joomla! Component JE Auto 1.5 - SQL Injection Google Dork: inurl:index.php?option=comjeauto Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Tour 2.0 - SQL Injection
Joomla! Component JE Tour 2.0 - SQL Injection Exploit Title: Joomla! Component JE Tour 2.0 - SQL Injection Google Dork: inurl:index.php?option=comjetour Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Joomla! Component JE Property Finder 1.6.3 - SQL Injection
Joomla! Component JE Property Finder 1.6.3 - SQL Injection Exploit Title: Joomla! Component JE Property Finder 1.6.3 - SQL Injection Google Dork: inurl:index.php?option=comjepropertyfinder Date: 13.02.2017 Vendor Homepage: http://www.joomlaextension.biz/ Software Buy:...
Cimetrics BACnet Explorer 4.0 - XML External Entity Injection
Cimetrics BACnet Explorer 4.0 - XML External Entity Injection Cimetrics BACnet Explorer 4.0 XXE Vulnerability Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 4.0.0.0 Summary: The BACnet Explorer is a BACnet client application that helps auto discover BACnet...
Viavi Real Estate - SQL Injection
Viavi Real Estate - SQL Injection Exploit Title: Viavi Real Estate - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://viavilab.com/ Software Buy: https://codecanyon.net/item/viavi-real-estate/11217313 Demo: http://viavilab.com/codecanyon/realestatedemo/ Version: N/A Tested...
Quadz School Management System 3.1 - uisd SQL Injection
Quadz School Management System 3.1 - uisd SQL Injection Exploit Title: Quadz School Management System v3.1 - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://awardcorporation.com/ Software Buy: https://codecanyon.net/item/quadz-school-management-system/10452009 Demo:...
Itech B2B Script 4.29 - Multiple Vulnerabilities
Itech B2B Script 4.29 - Multiple Vulnerabilities Exploit Title : Itech scripts B2B Script v4.29 - Multiple Vulnerability Google Dork : - Date : 12/02/2017 Exploit Author : Marc Castejon Vendor Homepage : http://itechscripts.com/b2b-script/ Software Link: http://b2b.itechscripts.com Type : webapps...
Joomla! Component Soccer Bet 4.1.5 - userid SQL Injection
Joomla! Component Soccer Bet 4.1.5 - userid SQL Injection Exploit Title: Joomla! Component Soccer Bet 4.1.5 - 'userid' Parameter SQL Injection Google Dork: inurl:index.php?option=comsoccerbet Date: 12.02.2017 Vendor Homepage: http://www.jomsoccerbet.com/ Software Buy:...
TI Online Examination System 2.0 - SQL Injection
TI Online Examination System 2.0 - SQL Injection Exploit Title: TI Online Examination System v2.0 - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://textusintentio.com/ Software Buy: https://codecanyon.net/item/ti-online-examination-system-v2/11248904 Demo:...
Viavi Product Review - id SQL Injection
Viavi Product Review - id SQL Injection Exploit Title: Viavi Product Review - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://viavilab.com/ Software Buy: https://codecanyon.net/item/product-review/12406163 Demo: http://viavilab.com/codecanyon/productreviewdemo/ Version: N/...
WhizBiz 1.9 - SQL Injection
WhizBiz 1.9 - SQL Injection Exploit Title: WhizBiz - Business Directory CMS v1.9 - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://webhelios.com/ Software Buy: https://codecanyon.net/item/whizbiz-business-directory-cms/12931569 Demo: http://whizbiz.webhelios.com/ Version:...
Kodi 17.1 - Arbitrary File Disclosure
Kodi 17.1 - Arbitrary File Disclosure Exploit Title: Kodi - Local File Inclusion Date: 12 February 2017 Exploit Author: Eric Flokstra Vendor Homepage: https://kodi.tv/ Software Link: https://kodi.tv/download/ Version: Kodi version 17.1 Krypton, Chorus version 2.4.2 Tested on: Linux Kodi formerly...
Domains Hostings Manager PRO 3.0 - entries SQL Injection
Domains Hostings Manager PRO 3.0 - entries SQL Injection Exploit Title: Domains & Hostings Manager PRO v 3.0 - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://endavi.com/ Software Buy: https://codecanyon.net/item/advanced-domains-and-hostings-pro-v3-multiuser/10368735 Demo...
Viavi Movie Review - id SQL Injection
Viavi Movie Review - id SQL Injection Exploit Title: Viavi Movie Review - SQL Injection Google Dork: N/A Date: 12.02.2017 Vendor Homepage: http://viavilab.com/ Software Buy: https://codecanyon.net/item/movie-review/12729570 Demo: http://viavilab.com/codecanyon/moviereviewdemo/ Version: N/A Tested...
Cimetrics BACstac 6.2f - Local Privilege Escalation
Cimetrics BACstac 6.2f - Local Privilege Escalation Cimetrics BACstac Routing Service 6.2f Local Privilege Escalation Vendor: Cimetrics, Inc. Product web page: https://www.cimetrics.com Affected version: 6.2f Summary: BACstac belongs to product BACstacTM Networking Software and was developed by...
Linux Kernel 3.10.0 (CentOS 7) - Denial of Service
Linux Kernel 3.10.0 (CentOS 7) - Denial of Service Exploit Title: CentOS7 Kernel Crashing by rsyslog daemon vulnerability | DOS on CentOS7 Exploit Author: Hosein Askari FarazPajohan Vendor HomePage: https://www.centos.org/ Version : 7 Tested on: Parrot OS Date: 12-2-2017 Category: Operating Syste...
Joomla! Component onisQuotes 2.5 - tag SQL Injection
Joomla! Component onisQuotes 2.5 - tag SQL Injection Exploit Title: Joomla Component onisQuotes 2.5 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/news-display/quotes/onisquotes/ Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM...
Joomla! Component onisMusic 2 - tag SQL Injection
Joomla! Component onisMusic 2 - tag SQL Injection Exploit Title: Joomla Component onisMusic 2 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/multimedia/multimedia-players/onismusic/ Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM...
SonicDICOM PACS 2.3.2 - Cross-Site Scripting
SonicDICOM PACS 2.3.2 - Cross-Site Scripting SonicDICOM PACS 2.3.2 Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of...
SonicDICOM PACS 2.3.2 - Privilege Escalation
SonicDICOM PACS 2.3.2 - Privilege Escalation SonicDICOM PACS 2.3.2 Remote Vertical Privilege Escalation Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Serv...
Joomla! Component onisPetitions 2.5 - tag SQL Injection
Joomla! Component onisPetitions 2.5 - tag SQL Injection Exploit Title: Joomla Component onisPetitions 2.5 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/contacts-and-feedback/polls/onispetitions/ Exploit Author: Persian Hack Team Discovered by : Mojtaba...
Joomla! Component Vik Booking 1.7 - SQL Injection
Joomla! Component Vik Booking 1.7 - SQL Injection Exploit Title: Joomla Component Vik Booking 1.7 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extension/vik-booking/ Exploit Author: Persian Hack Team Discovered by : Mojtaba MobhaM [email protected] Home :...
Joomla! Component Soccer Bet 4.1.5 - cat SQL Injection
Joomla! Component Soccer Bet 4.1.5 - cat SQL Injection Exploit Title: Joomla Component Soccer Bet 4.1.5 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/sports-a-games/tips-a-betts/soccer-bet/ Exploit Author: Persian Hack Team Discovered by : Mojtaba Mobh...
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin)
SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin) SonicDICOM PACS 2.3.2 CSRF Add Admin Exploit Vendor: JIUN Corporation Product web page: https://www.sonicdicom.com Affected version: 2.3.2 and 2.3.1 Summary: SonicDICOM is PACS software that combines the capabilities of DICOM Server wit...
Joomla! Component Sponsor Wall 7.0 - wallid SQL Injection
Joomla! Component Sponsor Wall 7.0 - wallid SQL Injection Exploit Title: Joomla Component Sponsor Wall 7.0 - SQL Injection Date: 2017-02-11 Home : https://extensions.joomla.org/extensions/extension/ads-a-affiliates/sponsors/sponsor-wall/ Exploit Author: Persian Hack Team Discovered by : Mojtaba...
QWIKIA 1.1.1 - SQL Injection
QWIKIA 1.1.1 - SQL Injection Exploit Title: QWIKIA - Ask And Answer Platform 1.1.1 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://xandr.co/ Software Buy: http://xandr.co/portfolio/qwikia Demo: http://qwikia.xandr.co/ Version: 1.1.1 Tested on: Win7 x64, Kali Linux x64...
Multilanguage Estate Agency Pro 1.2 - SQL Injection
Multilanguage Estate Agency Pro 1.2 - SQL Injection Exploit Title: Multilanguage Estate Agency Pro 1.2 - SQL Injection Google Dork: N/A Date: 10.02.2017 Vendor Homepage: http://djrust26.hu/ Software Buy: https://codecanyon.net/item/multilanguage-estate-agency-pro-12/14521069 Demo:...