41207 matches found
Itech Job Portal Script 9.13 - Multiple Vulnerabilities
Itech Job Portal Script 9.13 - Multiple Vulnerabilities Exploit Title : Itech Job Portal Script - Multiple Vulnerabilities Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage...
Alstrasoft Video Share Enterprise 4.72 - SQL Injection
Alstrasoft Video Share Enterprise 4.72 - SQL Injection Exploit Title: AlstraSoft Video Share Enterprise v4.72 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/videoshare.htm Demo:...
Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery (Add Admin)
Alstrasoft FMyLife Pro 1.02 - Cross-Site Request Forgery Add Admin Exploit Title: AlstraSoft FMyLife Pro v1.02 Script - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/fmylife-pro.htm Demo:...
Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection
Alstrasoft Forum Pay Per Post Exchange Script 2.01 - SQL Injection Exploit Title: AlstraSoft Forum Pay Per Post Exchange v2.01 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/forum-pay-per-post-exchange.h...
Alstrasoft Template Seller Pro 3.25e - tempid SQL Injection
Alstrasoft Template Seller Pro 3.25e - tempid SQL Injection !/usr/bin/perl -w Exploit Title: AlstraSoft Template Seller Pro v3.25e Script buy.php- Remote SQL Injection Vulnerability Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy:...
Alstrasoft EPay Enterprise 5.17 - SQL Injection
Alstrasoft EPay Enterprise 5.17 - SQL Injection Exploit Title: Alstrasoft EPay Enterprise v5.17 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.alstrasoft.com/ Software Buy: http://www.alstrasoft.com/epayenterprise.htm Demo: http://blizsoft.com/enterprise/...
iScripts AutoHoster 3.0 - siteid SQL Injection
iScripts AutoHoster 3.0 - siteid SQL Injection Exploit Title: iScripts AutoHoster v3.0 Script - SQL Injection Google Dork: N/A Date: 04.02.2017 Vendor Homepage: http://www.iscripts.com/ Software Buy: http://www.iscripts.com/autohoster/ Demo: http://www.demo.iscripts.com/autohoster/demo/ Version:...
Netwave IP Camera - Password Disclosure
Netwave IP Camera - Password Disclosure !/usr/bin/python2.7 spiritnullatsigaint.org Run the exploit against the victim to get WIFI password If the victim is vulnerable to memory leak it will try to extract the username and password for the weblogin magic for you bash: wget -qO-...
ntfs-3g (Debian 9) - Local Privilege Escalation
ntfs-3g Debian 9 - Local Privilege Escalation !/bin/bash echo "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@" echo "@ CVE-2017-0359, PoC by Kristian Erik Hermansen @" echo "@ ntfs-3g local privilege escalation to root @" echo "@ Credits to Google Project Zero @" echo "@ Affects: Debian 9/8/...
Zoneminder 1.291.30 - Cross-Site Scripting SQL Injection Session Fixation Cross-Site Request Forgery
Zoneminder 1.291.30 - Cross-Site Scripting SQL Injection Session Fixation Cross-Site Request Forgery Source: https://www.foxmole.com/advisories/foxmole-2016-07-05.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 === FOXMOLE - Security Advisory 2016-07-05 === Zoneminder multiple vulnerabilities...
CUPS 2.0.3 - Remote Command Execution
CUPS 2.0.3 - Remote Command Execution !/usr/bin/python Exploit Title: CUPS Reference Count Over Decrement Remote Code Execution Google Dork: n/a Date: 2/2/17 Exploit Author: @0x00string Vendor Homepage: cups.org Software Link: https://github.com/apple/cups/releases/tag/release-2.0.2 Version: 2.0....
Itech Multi Vendor Script 6.49 - SQL Injection
Itech Multi Vendor Script 6.49 - SQL Injection Exploit Title : Itech Multi Vendor Script - Multiple SQL Injections Author : Yunus YILDIRIM Th3GundY Team : CT-Zer0 @CRYPTTECH - https://www.crypttech.com Website : http://www.yunus.ninja Contact : [email protected] Vendor Homepage :...
Posnic Stock Management System - SQL Injection
Posnic Stock Management System - SQL Injection --==IndiSh3LL==-- body font-family: Tahoma; color: white; background: 444444; input border : solid 2px ; border-color : black; BACKGROUND-COLOR: 444444; font: 8pt Verdana; color: white; submit BORDER: buttonhighlight 2px outset; BACKGROUND-COLOR:...
SlimarUSER Management 1.0 - id SQL Injection
SlimarUSER Management 1.0 - id SQL Injection Exploit Title: SlimarUSER Management v1.0 – 'id' Parameter SQL Injection Date: 03.02.2017 Vendor Homepage: http://slimar.org Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits Overview...
Itech Movie Portal Script 7.37 - SQL Injection
Itech Movie Portal Script 7.37 - SQL Injection Exploit Title: Itech Movie Portal Script v7.37 - SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/movie-portal-script/ Demo: http://movie-portal.itechscripts.com Version:...
Itech Travel Portal Script 9.35 - SQL Injection
Itech Travel Portal Script 9.35 - SQL Injection Exploit Title: Itech Travel Portal Script v9.35 - SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://www.itechscripts.com/travel-portal-script/ Demo: http://travel.itechscripts.com/ Version...
Itech Inventory Management Software 3.77 - SQL Injection
Itech Inventory Management Software 3.77 - SQL Injection Exploit Title: Itech Inventory Management Software v3.77 - SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://www.itechscripts.com/inventory-management-software/ Demo:...
WordPress 4.7.0/4.7.1 - Content Injection (Ruby)
WordPress 4.7.0/4.7.1 - Content Injection Ruby Exploit Title: WP Content Injection Date: 31 Jan' 2017 Exploit Author: Harsh Jaiswal Vendor Homepage: http://wordpress.org Version: Wordpress 4.7 - 4.7.1 Patched in 4.7.2 Tested on: Backbox ubuntu Linux Based on...
WordPress 4.7.0/4.7.1 - Content Injection (Python)
WordPress 4.7.0/4.7.1 - Content Injection Python 2017 - @leonjza Wordpress 4.7.0/4.7.1 Unauthenticated Content Injection PoC Full bug description: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html Usage example: List available posts: $ python inject.py...
Property Listing Script - propid Blind SQL Injection
Property Listing Script - propid Blind SQL Injection Exploit Title: Property Listing Script – Time-Based Blind Injection Date: 02.02.2017 Vendor Homepage: http://phprealestatescript.org/ Software Link: http://phprealestatescript.org/property-listing-script.html Exploit Author: Kaan KAMIS Contact:...
Itech Auction Script 6.49 - pid SQL Injection
Itech Auction Script 6.49 - pid SQL Injection Exploit Title: Itech Auction Script v6.49 – 'pid' Parameter SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/auction-script/ Demo: http://auction.itechscripts.com/ Version:...
Ghostscript 9.20 - Filename Command Execution
Ghostscript 9.20 - Filename Command Execution + + Credits: John Page AKA hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/GHOSTSCRIPT-FILENAME-COMMAND-EXECUTION.txt + ISR: ApparitionSec + Vendor: =============== ghostscript.com Product:...
Itech News Portal Script 6.28 - sc SQL Injection
Itech News Portal Script 6.28 - sc SQL Injection Exploit Title: Itech News Portal Script v6.28 - 'sc' Parameter SQL Injection Google Dork: N/A Date: 02.02.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/news-portal-script/ Demo:...
Google Android - rkp_set_init_page_ro RKP Memory Corruption
Google Android - rkpsetinitpagero RKP Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=984 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the...
LogoStore - query SQL Injection
LogoStore - query SQL Injection Exploit Title: LogoStore - SQL Injection Date: 27.01.2017 Software Link: https://codecanyon.net/item/logostore-buy-and-sell-logos-online/19379630 Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web Application Exploits...
Google Android - RKP EL1 Code Loading Bypass
Google Android - RKP EL1 Code Loading Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=981 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure that the HLOS kernel...
Apple WebKit - HTMLKeygenElement Type Confusion
Apple WebKit - HTMLKeygenElement Type Confusion var range = document.caretRangeFromPoint50, 50; var shadowtreecontainer = range.commonAncestorContainer; shadowtreecontainer.prepend"foo"; keygenelement.disabled = true;...
QNAP NVRNAS Devices - Buffer Overflow (PoC)
QNAP NVRNAS Devices - Buffer Overflow PoC Device Model: QNAP VioStor NVR, QNAP NAS, Fujitsu Celvin NAS May be additional re-branded Attack Vector: Remote Attack Models: 1. Classic Heap Overflows 2. Classic Stack Overflow 3. Heap Feng Shui Overflow 4. "Heack Combo" Heap / Stack Combination Overflo...
Google Android - RKP Information Disclosure via s2-remapping Physical Ranges
Google Android - RKP Information Disclosure via s2-remapping Physical Ranges Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=982 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant...
Google Android - cfp_ropp_new_key_reenc cfp_ropp_new_key RKP Memory Corruption
Google Android - cfproppnewkeyreenc cfproppnewkey RKP Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=979 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to...
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
Microsoft Windows 10 - SMBv3 Tree Connect PoC Full Proof of Concept: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/41222.zip import sys, struct, SocketServer from odict import OrderedDict from datetime import datetime from calendar import timegm class Packet:...
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation
Google Android - Unprotected MSRs in EL1 RKP Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=980 As part of Samsung KNOX, Samsung phones include a security hypervisor called RKP Real-time Kernel Protection, running in EL2. This hypervisor is meant to ensure...
Google Chrome - HTMLKeygenElement::shadowSelect() Type Confusion
Google Chrome - HTMLKeygenElement::shadowSelect Type Confusion var range = document.caretRangeFromPoint50, 50; var shadowtreecontainer = range.commonAncestorContainer; shadowtreecontainer.prepend"foo"; keygenelement.disabled = true;...
Apple WebKit - HTMLFormElement::reset() Use-After Free
Apple WebKit - HTMLFormElement::reset Use-After Free function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo associatedElement downcastassociatedElement.reset; The issue is that while...
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled
Apple WebKit - Type Confusion in RenderBox with Accessibility Enabled function boom m.append"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"; m.setAttribute"aria-labeledby", "t"; d.open = false; foo firstChild; The function expects that the first child is going to be of type...
Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities
Billion TrueOnline ZyXEL Routers - Multiple Vulnerabilities Multiple vulnerabilities in TrueOnline / ZyXEL / Billion routers Discovered by Pedro Ribeiro [email protected], Agile Information Security ========================================================================== Disclosure: 26/12/2016 /...
Netman 204 - Backdoor Account Password Reset
Netman 204 - Backdoor Account Password Reset Exploit Title: Netman 204 Backdoor and weak password recovery function Google Dork: intitle:"Netman 204 login" Date: 31st Jan 2017 Exploit Author: Simon Gurney Vendor Homepage: blog.synack.co.uk Software Link:...
AlienVault OSSIM/USM 5.3.1 - Remote Code Execution (Metasploit)
AlienVault OSSIM/USM 5.3.1 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule "AlienVault OSSIM/USM Remote Code Execution", 'Description' = %q Th...
Viscosity 1.6.7 - Local Privilege Escalation
Viscosity 1.6.7 - Local Privilege Escalation Exploit Title: Viscosity for Windows 1.6.7 Privilege Escalation Date: 31.01.2017 Software Link: https://www.sparklabs.com/ Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: local 1...
WinAxePlus-8.7
WinAxe server is prone to a remote buffer overflow that could allow a malicious user to execute arbitrary code in the context of the affected application. The exploit has been tested in Windows platforms and currently there is no fix or patch available for this program. Exploit Title: WinaXe Plus...
Itech Classifieds Script 7.27 - SQL Injection
Itech Classifieds Script 7.27 - SQL Injection Exploit Title: Itech Classifieds Script v7.27 - 'pid' Parameter SQL Injection Google Dork: N/A Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/classifieds-script/ Demo:...
NETGEAR Routers - Password Disclosure
NETGEAR Routers - Password Disclosure Trustwave SpiderLabs Security Advisory TWSL2017-003: Multiple Vulnerabilities in NETGEAR Routers Published: 01/30/2017 Version: 1.0 Vendor: NETGEAR http://www.netgear.com/ Product: Multiple products Finding 1: Remote and Local Password Disclosure Credit: Simo...
Caregiver Script 2.57 - SQL Injection
Caregiver Script 2.57 - SQL Injection Exploit Title: Caregiver Script v2.57 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/caregiver-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Categor...
Itech Real Estate Script 3.12 - id SQL Injection
Itech Real Estate Script 3.12 - id SQL Injection Exploit Title: Itech Real Estate Script v3.12 - 'id' Parameter SQL Injection Google Dork: N/A Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/real-estate-script/ Demo:...
PHP Product Designer Script - Arbitrary File Upload
PHP Product Designer Script - Arbitrary File Upload Exploit Title: PHP Product Designer Script - Arbitrary File Upload Google Dork: N/A Date: 30.01.2017 Vendor Homepage: https://codecanyon.net/item/php-product-designer/19334412 Software Buy: https://codecanyon.net/item/php-product-designer/193344...
Itech Multi Vendor Script 6.49 - pl SQL Injection
Itech Multi Vendor Script 6.49 - pl SQL Injection Exploit Title: Itech Multi Vendor Script 6.49 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/multi-vendor-shopping-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom...
Itech B2B Script 4.28 - SQL Injection
Itech B2B Script 4.28 - SQL Injection Exploit Title: Itech B2B Script v4.28 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/b2b-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website: http://k2an.com Category: Web...
Itech Dating Script 3.26 - send_gift.php SQL Injection
Itech Dating Script 3.26 - sendgift.php SQL Injection Exploit Title: Itech Dating Script v3.26 - 'sendgift.php' SQL Injection Google Dork: N/A Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Buy: http://itechscripts.com/dating-script/ Demo: http://dating.itechscripts.com/...
Itech News Portal Script 6.28 - inf SQL Injection
Itech News Portal Script 6.28 - inf SQL Injection Exploit Title: Itech News Portal Script v6.28 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/news-portal-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...
Itech Auction Script 6.49 - mcid SQL Injection
Itech Auction Script 6.49 - mcid SQL Injection Exploit Title: Itech Auction Script v6.49 – SQL Injection Date: 30.01.2017 Vendor Homepage: http://itechscripts.com/ Software Link: http://itechscripts.com/auction-script/ Exploit Author: Kaan KAMIS Contact: iletisimatk2andotcom Website:...