WordPress Plugin Google Review Slider 6.1 - tid SQL Injection

WordPress Plugin Google Review Slider 6.1 - tid SQL Injection Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/" Date: 2019-07-02 Exploit Author: Princy Edward Exploit Author Blog :...

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow (SEH)

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Buffer OverFlow SEH Google Dork: N/A Date: 2019-10-30 Exploit Author: Doan Nguyen 4ll4u Vendor Homepage:https://www.alloksoft.com/ Software Link:...

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning

MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Exploit Title: MikroTik RouterOS 6.45.6 - DNS Cache Poisoning Date: 2019-10-30 Exploit Author: Jacob Baines Vendor Homepage: https://mikrotik.com/ Software Link: https://mikrotik.com/download Version: 6.45.6 Stable and below or 6.44.5 Long-term and...

Citrix StoreFront Server 7.15 - XML External Entity Injection

Citrix StoreFront Server 7.15 - XML External Entity Injection Exploit Title: Citrix StoreFront Server 7.15 - XML External Entity Injection Date: 2019-08-28 Exploit Author: Vahagn Vardanya Vendor Homepage:https://www.citrix.com/downloads/storefront/ Software Link:...

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service

WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Exploit Title: WMV to AVI MPEG DVD WMV Convertor 4.6.1217 - Denial of Service Date: 2019-10-30 Vendor Homepage:https://www.alloksoft.com/ Software Link: https://www.alloksoft.com/wmv.htm Exploit Author: Nithoshitha S Tested Version:...

Ajenti 2.1.31 - Remote Code Exection (Metasploit)

Ajenti 2.1.31 - Remote Code Exection Metasploit Exploit Title: Ajenti 2.1.31 - Remote Code Exection Metasploit Date: 2019-10-29 Exploit Author: Onur ER Vendor Homepage: http://ajenti.org/ Software Link: https://github.com/ajenti/ajenti Version: 2.1.31 Tested on: Ubuntu 19.10 This module requires...

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation

JavaScriptCore - GetterSetter Type Confusion During DFG Compilation The following JavaScript program, found by Fuzzilli and slightly modified, crashes JavaScriptCore built from HEAD and the current stable release /System/Library/Frameworks/JavaScriptCore.framework/Resources/jsc: let...

iSeeQ Hybrid DVR WH-H4 2.0.0.P - (get_jpeg) Stream Disclosure

iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Title: iSeeQ Hybrid DVR WH-H4 2.0.0.P - getjpeg Stream Disclosure Date: 2019-10-29 Author: LiquidWorm Vendor:iSeeQ Link: http://www.iseeq.co.kr CVE: N/A !/bin/bash iSeeQ Hybrid DVR WH-H4 1.03R / 2.0.0.P getjpeg Stream Disclosure Vendor:...

Microsoft Windows Server 2012 - Group Policy Security Feature Bypass

Microsoft Windows Server 2012 - Group Policy Security Feature Bypass Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R...

Win10 MailCarrier 2.51 - POP3 User Remote Buffer Overflow

Win10 MailCarrier 2.51 - POP3 User Remote Buffer Overflow Exploit Title: Win10 MailCarrier 2.51 - 'POP3 User' Remote Buffer Overflow Date: 2019-10-01 Author: Lance Biggerstaff Original Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Tested...

Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path

Intelligent Security System SecurOS Enterprise 10.2 - SecurosCtrlService Unquoted Service Path Exploit Title: Intelligent Security System SecurOS Enterprise 10.2 - 'SecurosCtrlService' Unquoted Service Path Discovery Date: 2019-10-28 Exploit Author: Alberto Vargas Vendor Homepage:...

Microsoft Windows Server 2012 - Group Policy Remote Code Execution

Microsoft Windows Server 2012 - Group Policy Remote Code Execution Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Remote Code Execution Date: 2019-10-28 Exploit Author: Thomas Zuk Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2,...

rConfig 3.9.2 - Remote Code Execution

rConfig 3.9.2 - Remote Code Execution Exploit Title: rConfig 3.9.2 - Remote Code Execution Date: 2019-09-18 Exploit Author: Askar Vendor Homepage: https://rconfig.com/ Software link: https://rconfig.com/download Version: v3.9.2 Tested on: CentOS 7.7 / PHP 7.2.22 CVE : CVE-2019-16662...

WordPress Core 5.2.4 - Cross-Origin Resource Sharing

WordPress Core 5.2.4 - Cross-Origin Resource Sharing Exploit Title: Wordpress 5.2.4 - Cross-Origin Resource Sharing Date: 2019-10-28 Exploit Author: Milad Khoshdel Software Link: https://wordpress.org/download/ Version: Wordpress 5.2.4 Tested on: Linux Apache/2 PHP/7.2 Vulnerable Page:...

ChaosPro 2.0 - Buffer Overflow (SEH)

ChaosPro 2.0 - Buffer Overflow SEH Exploit Title: ChaosPro 2.0 - Buffer Overflow SEH Date: 2019-10-27 Exploit Author: Chase Hatch SYANiDE Vendor Homepage: http://www.chaospro.de/ Software link: http://www.chaospro.de/cpro20.zip Version: 2.0 Tested on: Windows XP Pro OEM !/usr/bin/env python2 impo...

PHP-FPM + Nginx - Remote Code Execution

PHP-FPM + Nginx - Remote Code Execution PHuiP-FPizdaM What's this This is an exploit for a bug in php-fpm CVE-2019-11043. In certain nginx + php-fpm configurations, the bug is possible to trigger from the outside. This means that a web user may get code execution if you have vulnerable config see...

delpino73 Blue-Smiley-Organizer 1.32 - datetime SQL Injection

delpino73 Blue-Smiley-Organizer 1.32 - datetime SQL Injection Exploit Title: delpino73 Blue-Smiley-Organizer 1.32 - 'datetime' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: https://github.com/delpino73/Blue-Smiley-Organizer Software Link:...

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed

WebKit - Universal XSS in HTMLFrameElementBase::isURLAllowed VULNERABILITY DETAILS HTMLFrameElementBase.cpp: bool HTMLFrameElementBase::isURLAllowed const if mURL.isEmpty // 4 return true; return isURLAlloweddocument.completeURLmURL; bool HTMLFrameElementBase::isURLAllowedconst URL& completeURL...

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery

Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Exploit Title: Intelbras Router WRN150 1.0.18 - Cross-Site Request Forgery Date: 2019-10-25 Exploit Author: Prof. Joas Antonio Vendor Homepage: https://www.intelbras.com/pt-br/ Software Link: http://en.intelbras.com.br/node/25896 Version...

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - start SQL Injection

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - start SQL Injection Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'start' SQL Injection Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Link:...

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - description Cross-Site Scripting

waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - description Cross-Site Scripting Exploit Title: waldronmatt FullCalendar-BS4-PHP-MySQL-JSON 1.21 - 'description' Cross-Site Scripting Date: 2019-10-28 Exploit Author: Cakes Vendor Homepage: waldronmatt/FullCalendar-BS4-PHP-MySQL-JSON Software Lin...

JumpStart 0.6.0.0 - jswpbapi Unquoted Service Path

JumpStart 0.6.0.0 - jswpbapi Unquoted Service Path Exploit Title: JumpStart 0.6.0.0 - 'jswpbapi' Unquoted Service Path Google Dork: N/A Date: 2019-09-09 Exploit Author: Roberto Escamilla Vendor Homepage:https://www.inforprograma.net/ Software Link: https://www.inforprograma.net/ Version: = 0.6.0....

Part-DB 0.4 - Authentication Bypass

Part-DB 0.4 - Authentication Bypass Exploit Title: Part-DB 0.4 - Authentication Bypass Date: 2019-10-26 Author: Marvoloo Vendor Homepage: https://github.com/Part-DB/Part-DB/ Software Link: https://github.com/Part-DB/Part-DB/archive/master.zip Version: 0.4 Tested on: Linux CVE : N/A Discription:...

ClonOs WEB UI 19.09 - Improper Access Control

ClonOs WEB UI 19.09 - Improper Access Control Exploit Title: ClonOs WEB UI 19.09 - Improper Access Control Date: 2019-10-19 Exploit Author: İbrahim Hakan Şeker Vendor Homepage: https://clonos.tekroutine.com/ Software Link: https://github.com/clonos/control-pane Version: 19.09 Tested on: ClonOs CV...

WordPress Plugin Sliced Invoices 3.8.2 - post SQL Injection

WordPress Plugin Sliced Invoices 3.8.2 - post SQL Injection Exploit Title: Wordpress Sliced Invoices 3.8.2 - 'post' SQL Injection Date: 2019-10-22 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Webiste: https://nitesculucian.github.io Vendor Homepage:...

AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control

AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - Incorrect Access Control Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions...

AUO SunVeillance Monitoring System 1.1.9e - MailAdd SQL Injection

AUO SunVeillance Monitoring System 1.1.9e - MailAdd SQL Injection Exploit Title: AUO SunVeillance Monitoring System 1.1.9e - 'MailAdd' SQL Injection Date: 2019-10-24 Exploit Author: Luca.Chiou Vendor Homepage: https://www.auo.com/zh-TW Version: AUO SunVeillance Monitoring System all versions prio...

Rocket.Chat 2.1.0 - Cross-Site Scripting

Rocket.Chat 2.1.0 - Cross-Site Scripting Title: Rocket.Chat 2.1.0 - Cross-Site Scripting Author: 3H34N Date: 2019-10-22 Product: Rocket.Chat Vendor: https://rocket.chat/ Vulnerable Versions: Rocket.Chat 2. Open a chat session 3. Send payload with your web server url 4. Token will be written in...

IObit Uninstaller 9.1.0.8 - IObitUnSvr Unquoted Service Path

IObit Uninstaller 9.1.0.8 - IObitUnSvr Unquoted Service Path Title: IObit Uninstaller 9.1.0.8 - 'IObitUnSvr' Unquoted Service Path Author: Sainadh Jamalpur Date: 2019-10-22 Vendor Homepage: https://www.iobit.com Software Link: https://www.iobit.com/en/advanceduninstaller.php Version : 9.1.0.8...

Joomla! 3.4.6 - Remote Code Execution (Metasploit)

Joomla! 3.4.6 - Remote Code Execution Metasploit Exploit Title: Joomla! 3.4.6 - Remote Code Execution Metasploit Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0...

Moxa EDR-810 - Command Injection Information Disclosure

Moxa EDR-810 - Command Injection Information Disclosure During an engagement for a client, RandoriSec found 2 vulnerabilities on Moxa EDR-810 Series Secure Routers. The first one is a command injection vulnerability found on the CLI allowing an authenticated user to obtain root privileges. And th...

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream 2 We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 7f2c.8be8: Access violation - code...

winrar 5.80 64bit - Denial of Service

winrar 5.80 64bit - Denial of Service Exploit Title: winrar 5.80 64bit - Denial of Service Date: 2019-10-19 Exploit Author: alblalawi Vendor Homepage: https://win-rar.com/fileadmin/winrar-versions/winrar-x64-58b2.exe Version: 5.80 Tested on: Microsoft Windows Version 10.0.18362.418 64bit 1- open...

Solaris 11.4 - xscreensaver Privilege Escalation

Solaris 11.4 - xscreensaver Privilege Escalation @Mediaservice.net Security Advisory 2019-02 last updated on 2019-10-16 Title: Local privilege escalation on Solaris 11.x via xscreensaver Application: Jamie Zawinski's xscreensaver 5.39 distributed with Solaris 11.4 Jamie Zawinski's xscreensaver 5....

Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution

Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Exploit Title: Trend Micro Anti-Threat Toolkit 1.62.0.1218 - Remote Code Execution Date: 2019-10-19 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: 1.62.0.1218 and below Tested on: Microsoft Windows CVE: N/...

Joomla! 3.4.6 - Remote Code Execution

Joomla! 3.4.6 - Remote Code Execution Exploit Title: Joomla! 3.4.6 - Remote Code Execution Google Dork: N/A Date: 2019-10-02 Exploit Author: Alessandro Groppo Vendor Homepage: https//www.joomla.it/ Software Link: https://downloads.joomla.org/it/cms/joomla3/3-4-6 Version: 3.0.0 -- 3.4.6 Tested on:...

WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting

WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting Exploit Title: Wordpress FooGallery 1.8.12 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\foogallery" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://foo.gallery/ Software Link:...

BlackMoon FTP Server 3.1.2.1731 - BMFTP-RELEASE Unquoted Serive Path

BlackMoon FTP Server 3.1.2.1731 - BMFTP-RELEASE Unquoted Serive Path Exploit Title: BlackMoon FTP Server 3.1.2.1731 - 'BMFTP-RELEASE' Unquoted Serive Path Exploit Author: Debashis Pal Date: 2019-10-17 Vendor : Blackmoonftpserver Source:...

Web Companion versions 5.1.1035.1047 - WCAssistantService Unquoted Service Path

Web Companion versions 5.1.1035.1047 - WCAssistantService Unquoted Service Path Exploit Title: Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path Exploit Author: Debashis Pal Date: 2019-10-17 Vendor Homepage : https://webcompanion.com Source: https://webcompanion.co...

ThinVNC 1.0b1 - Authentication Bypass

ThinVNC 1.0b1 - Authentication Bypass Exploit Title: ThinVNC 1.0b1 - Authentication Bypass Date: 2019-10-17 Exploit Author: Nikhith Tumamlapalli Contributor WarMarX Vendor Homepage: https://sourceforge.net/projects/thinvnc/ Software Link:...

Restaurant Management System 1.0 - Remote Code Execution

Restaurant Management System 1.0 - Remote Code Execution Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Date: 2019-10-16 Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link:...

WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting

WordPress Plugin Popup Builder 3.49 - Persistent Cross-Site Scripting Exploit Title: Wordpress Popup Builder 3.49 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\popupbuilder" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://popup-builder.com/ Software...

WorkgroupMail 7.5.1 - WorkgroupMail Unquoted Service Path

WorkgroupMail 7.5.1 - WorkgroupMail Unquoted Service Path Exploit Title : WorkgroupMail 7.5.1 - 'WorkgroupMail' Unquoted Service Path Date : 2019-10-15 Exploit Author : Cakes Vendor: Softalk Version : 7.5.1 Software: http://html.tucows.com/preview/195580/WorkgroupMail-Mail-Server?q=pop3 Tested on...

WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting

WordPress Plugin Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Exploit Title: Wordpress Soliloquy Lite 2.5.6 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\soliloquy-lite" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage: https://soliloquywp.com/ Softwa...

Accounts Accounting 7.02 - Persistent Cross-Site Scripting

Accounts Accounting 7.02 - Persistent Cross-Site Scripting Exploit Title: Express Accounts Accounting 7.02 - Persistent Cross-Site Scripting Exploit Author: Debashis Pal Date: 2019-10-16 Vendor Homepage: https://www.nchsoftware.com Source: https://www.nchsoftware.com/accounting/index.html Version...

Lavasoft 2.3.4.7 - LavasoftTcpService Unquoted Service Path

Lavasoft 2.3.4.7 - LavasoftTcpService Unquoted Service Path Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path Author: Luis MedinaL Date: 2019-10-15 Vendor Homepage: https://www.adaware.com/ Software Link : https://www.adaware.com/antivirus Version : 2.3.4.7 Tested on: Microsoft Window...

LiteManager 4.5.0 - romservice Unquoted Serive Path

LiteManager 4.5.0 - romservice Unquoted Serive Path Exploit Title : LiteManager 4.5.0 - 'romservice' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/1594042/LiteManager-Free?q=remote+suppor...

Solaris xscreensaver 11.4 - Privilege Escalation

Solaris xscreensaver 11.4 - Privilege Escalation Exploit Title: Solaris xscreensaver 11.4 - Privilege Escalation Date: 2019-10-16 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.oracle.com/technetwork/server-storage/solaris11/ Version: Solaris 11.x Tested on: Solaris 11.4 and 11.3 X86...

Whatsapp 2.19.216 - Remote Code Execution

Whatsapp 2.19.216 - Remote Code Execution Exploit Title: Whatsapp 2.19.216 - Remote Code Execution Date: 2019-10-16 Exploit Author: Valerio Brussani @valbrux Vendor Homepage: https://www.whatsapp.com/ Version: include include include typedef uint8t byte; char gadgetp; void libc, lib; //dls...

Mikogo 5.2.2.150317 - Mikogo-Service Unquoted Serive Path

Mikogo 5.2.2.150317 - Mikogo-Service Unquoted Serive Path Exploit Title : Mikogo 5.2.2.150317 - 'Mikogo-Service' Unquoted Serive Path Date : 2019-10-15 Exploit Author : Cakes Vendor: LiteManager Team Version : LiteManager 4.5.0 Software: http://html.tucows.com/preview/518015/Mikogo?q=remote+suppo...