41207 matches found
Alibaba Clone B2B Script - Arbitrary File Disclosure
Alibaba Clone B2B Script - Arbitrary File Disclosure Exploit Title: Alibaba Clone B2B Script File Read Vulnerability Date: 2016-06-22 Exploit Author: Meisam Monsef [email protected] or [email protected] Vendor Homepage: http://alibaba-clone.com/ Version: All Versions Tested on: CentOS and...
Microsoft Internet Explorer 11 (Windows 10) - VBScript Memory Corruption (MS16-051)
Microsoft Internet Explorer 11 Windows 10 - VBScript Memory Corruption MS16-051 Source: https://github.com/theori-io/cve-2016-0189 CVE-2016-0189 Proof-of-Concept exploit for CVE-2016-0189 VBScript Memory Corruption in IE11 Tested on Windows 10 IE11. Write-up http://theori.io/research/cve-2016-018...
PCMan FTP Server 2.0.7 - ls Remote Buffer Overflow (Metasploit)
PCMan FTP Server 2.0.7 - ls Remote Buffer Overflow Metasploit =begin Exploit Title: WordPress Shopping Cart 3.0.4 Unrestricted File Upload Date: 22-06-2016 Software Link: https://www.exploit-db.com/apps/9fceb6fefd0f3ca1a8c36e97b6cc925d-PCMan.7z Exploit Author: quanyechavshuo Contact:...
Wolf CMS 0.8.2 - Arbitrary File Upload (Metasploit)
Wolf CMS 0.8.2 - Arbitrary File Upload Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Wolfcms 0.8.2 Arbitrary PHP File Upload Vulnerability', 'Description' = %q Th...
Banshee 2.6.2 - .mp3 Crash (PoC)
Banshee 2.6.2 - .mp3 Crash PoC ''' Title: ==== Banshee 2.6.2 Local Buffer Overflow Vulnerability Credit: ====== Name: Ilca Lucian Contact: [email protected] [email protected] CVE: ===== Unknown for moment Product: ======= Play your music and videos. Keep up with your podcasts and Internet...
DarkComet Server - Arbitrary File Download (Metasploit)
DarkComet Server - Arbitrary File Download Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'DarkComet Server Remote File Download Exploit', 'Description' = %q This...
Linux Kernel - ecryptfs /proc/$pid/environ Local Privilege Escalation
Linux Kernel - ecryptfs /proc/$pid/environ Local Privilege Escalation Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=836 Stacking filesystems, including ecryptfs, protect themselves against deep nesting, which would lead to kernel stack overflow, by tracking the recursion depth of...
Microsoft Windows - Custom Font Disable Policy Bypass
Microsoft Windows - Custom Font Disable Policy Bypass Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=779 Windows: Custom Font Disable Policy Bypass Platform: Windows 10 Only Class: Security Feature Bypass Summary: It’s possible to bypass the ProcessFontDisablePolicy check in...
YetiForce CRM 3.1 - Persistent Cross-Site Scripting
YetiForce CRM 3.1 - Persistent Cross-Site Scripting Exploit Title: YetiForce CRM Accounts' select your preferred user, and then in the 'Comments' section input; Either refresh the current page, or navigate back to 'Accounts'...
Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion (MS16-063)
Microsoft Internet Explorer 11 - Garbage Collector Attribute Type Confusion MS16-063 !-- CVE-2016-0199 / MS16-063: MSIE 11 garbage collector attribute type confusion ============================================================================ This information is available in an easier to read...
SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XML External Entity
SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XML External Entity Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: XXE Sent: 20.10.2015 Reported: 21.10.2015 Vendor response: 21.10.2015 Date of Public Advisory: 08.03.2016...
Joomla! Component com_publisher - SQL Injection
Joomla! Component com_publisher - SQL Injection Exploit Title: Joomla com_publisher component SQL Injection vulnerability Exploit Author: s0nk3y Date: 21-06-2016 Software Link: http://extensions.joomla.org/extension/publisher-pro Category: webapps Version: All Tested on: Ubuntu 16.04 1. Description...
Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities
Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Radiant CMS 1.1.3 - Multiple Persistent XSS Vulnerabilities Exploit Author: David Silveiro Exploit Author Github: github.com/davidsilveiro Exploit Author Twitter: twitter.com/davidsilveiro Vendor Homepage:...
SAP NetWeaver AS JAVA 7.1 - 7.5 - Directory Traversal
SAP NetWeaver AS JAVA 7.1 - 7.5 - Directory Traversal Application: SAP NetWeaver AS JAVA Versions Affected: SAP NetWeaver AS JAVA 7.1 - 7.5 Vendor URL: http://SAP.com Bug: Directory traversal Sent: 29.09.2015 Reported: 29.09.2015 Vendor response: 30.09.2015 Date of Public Advisory: 08.03.2016...
IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)
IonizeCMS 1.0.8 - Cross-Site Request Forgery Add Admin document.forms0.submit;...
Yona CMS - Cross-Site Request Forgery
Yona CMS - Cross-Site Request Forgery document.forms0.submit;...
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure (MS16-074)
Microsoft Windows - gdi32.dll Multiple DIB-Related EMF Record Handlers Heap Out-of-Bounds Reads/Memory Disclosure MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=757 As clearly visible in the EMF Enhanced Metafile image format specification MS-EMF, there are multiple...
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption (MS16-074)
Microsoft Windows Kernel - ATMFD.dll NamedEscape 0x250C Pool Corruption MS16-074 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=785 The Adobe Type Manager Font Driver ATMFD.DLL responsible for handling PostScript and OpenType fonts in the Windows kernel provides a channel of...
WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation
WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation /Functions/UpdateAdmin-Databases.php file. Remote attackers are able to request crafted data of the POST method request with the vulnerable ´accesrole´ parameter. The security risk of the privilege escalation web vulnerability ...
Joomla! Component com_bt_media 1.0 - SQL Injection
Joomla! Component com_bt_media 1.0 - SQL Injection Exploit Title : Joomla com_bt_media - SQL Injection Exploit Author : Persian Hack Team Vendor Homepage : http://extensions.joomla.org/extension/bt-media-gallery Category: Webapps Tested on: Win Version: 1.0 Date: 2016/06/19 PoC: categories0= Paramete...
ACROS Security 0patch 2016.05.19.539 - 0PatchServicex64.exe Unquoted Service Path Privilege Escalation
ACROS Security 0patch 2016.05.19.539 - 0PatchServicex64.exe Unquoted Service Path Privilege Escalation ACROS Security 0patch 0PatchServicex64.exe Unquoted Service Path Privilege Escalation Vendor: ACROS, d.o.o. Product web page: https://www.0patch.com Affected version: 2016.05.19.539 Summary:...
Tomabo MP4 Player 3.11.6 - Local Stack Overflow (SEH) (Metasploit)
Tomabo MP4 Player 3.11.6 - Local Stack Overflow SEH Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Tomabo M3U SEH Based Stack Buffer Overflow', 'Description' = %q...
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite
WordPress Plugin Premium SEO Pack 1.9.1.3 - wp_options Overwrite Vendor Homepage: http://aa-team.com/ Software Link: http://codecanyon.net/item/premium-seo-pack-wordpress-plugin/6109437?srank=2 Version: 1.9.1.3 Tested on: Debian 8, PHP 5.6.17-3 Type: Authenticated customer, subscriber wp_options...
sNews CMS 1.7.1 - Multiple Vulnerabilities
sNews CMS 1.7.1 - Multiple Vulnerabilities + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SNEWS-RCE-CSRF-XSS.txt + ISR: APPARITIONSEC Vendor: ============ snewscms.com Product: ================ sNews CMS v1.7.1 Vulnerability Type:...
Symphony CMS 2.6.7 - Session Fixation
Symphony CMS 2.6.7 - Session Fixation + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/SYMPHONY-CMS-SESSION-FIXATION.txt + ISR: APPARITIONSEC Vendor: ==================== www.getsymphony.com Product: ==================...
Airia - Arbitrary File Upload
Airia - Arbitrary File Upload Exploit Title: Airia - Webshell Upload Vulnerability Date: 2016-06-20 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ytyng.com Software Link: https://github.com/ytyng/airia/archive/master.zip Version: Latest commit Tested on: Debia...
Airia - Cross-Site Request Forgery (Add Content)
Airia - Cross-Site Request Forgery Add Content document.forms.csrfpoc.submit;...
phpATM 1.32 (Windows) - Arbitrary File Upload Remote Command Execution
phpATM 1.32 Windows - Arbitrary File Upload Remote Command Execution ?php / Exploit Title : "phpATM = 1.32 Remote Command Execution Shell Upload on Windows Servers" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : = 1.32 Tested on : Windo...
phpATM 1.32 - Multiple Vulnerabilities
phpATM 1.32 - Multiple Vulnerabilities !-- Exploit Title : "phpATM = 1.32 Multiple CSRF Vulnerabilities & Full Path Disclosure Vulnerability" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : = 1.32 Tested on : Windows 10 with XAMPP 1 CSRF...
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload
WordPress Plugin Gravity Forms 1.8.19 - Arbitrary File Upload an Exploiter by AnonGuy\n"; $domain = @$argv1 == '' ? 'http://localhost/wordpress' : @$argv1; $url = "$domain/?gfpage=upload"; $shell = "$domain/wp-content/input3khan.php5"; $separator =...
Vicidial 2.11 - Scripts Persistent Cross-Site Scripting
Vicidial 2.11 - Scripts Persistent Cross-Site Scripting Exploit Title: Vicidial 2.11 Scripts - Authenticated Stored XSS Date: 0 day Exploit Author: David Silveiro Exploit Author Github: github.com/davidsilveiro Vendor Homepage: http://vicidial.org Software Link:...
ATCOM PBX IP01 IP08 IP4 IP2G4A - Authentication Bypass
ATCOM PBX IP01 IP08 IP4 IP2G4A - Authentication Bypass Title: ATCOM PBX system , auth bypass exploit Author: i-Hmx contact : [email protected] Home : sec4ever.com Tested on : ATCOM IP01 , IP08 , IP4G and ip2G4A Details The mentioned system is affected by auth bypass flaw that allow an attacker to...
Roxy Fileman 1.4.4 - Arbitrary File Upload
Roxy Fileman 1.4.4 - Arbitrary File Upload Exploit Title: Roxy Fileman = 1.4.4 Forbidden File Upload Vulnerability Google Dork: intitle:"Roxy file manager" Date: 15-06-2016 Exploit Author: Tyrell Sassen Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
SlimCMS 0.1 - Cross-Site Request Forgery (Change Admin Password)
SlimCMS 0.1 - Cross-Site Request Forgery Change Admin Password input type="hidden" name="theme" value=...
Blat 3.2.14 - Stack Overflow
Blat 3.2.14 - Stack Overflow 1. Vulnerable Product Version: Blat v3.2.14 Link: blat.net 2. Vulnerability Information Impact: Attacker may gain administrative access / can perform a DOS Remotely Exploitable: No Locally Exploitable: May be possible 3. Product Details An open source Windows 32 & 64...
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal Gemalto Sentinel License Manager 18.0.1 Directory Traversal Vulnerability Vendor: Gemalto NV | SafeNet, Inc Product web page: http://www.gemalto.com | http://www.safenet-inc.com Affected version: 18.0.1.55505 Summary: The...
Tiki Wiki CMS Calendar 6.159.11 LTS12.5 LTS14.2 - Remote Code Execution
Tiki Wiki CMS Calendar 6.159.11 LTS12.5 LTS14.2 - Remote Code Execution Exploit Title: Tiki-Calendar-RCE Google Dork: inurl:tiki-calendar.php Date: 2015-12-16 Exploit Author: Dany Ouellet Vendor Homepage: https://tiki.org/article414-Important-Security-Fix-for-all-versions-of-Tiki Software Link:...
SolarWinds Virtualization Manager - Local Privilege Escalation
SolarWinds Virtualization Manager - Local Privilege Escalation Product: Solarwinds Virtualization Manager Vendor: Solarwinds Vulnerable Versions: 6.3.1 Tested Version: 6.3.1 Vendor Notification: April 25th, 2016 Vendor Patch Availability to Customers: June 1st, 2016 Public Disclosure: June 14th,...
Microsoft Windows 7 - win32k Bitmap Use-After-Free (MS16-062) (2)
Microsoft Windows 7 - win32k Bitmap Use-After-Free MS16-062 2 Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=747 The attached PoC crashes 32-bit Windows 7 with special pool enabled on win32k.sys. It might take several runs in order to reproduce. Tested the PoC on a single core...
Joomla! Component com_enmasse 5.1 - 6.4 - SQL Injection
Joomla! Component com_enmasse 5.1 - 6.4 - SQL Injection Exploit Title: Joomla com_enmasse - SQL Injection Author: Hamed Izadi IRAN Vendor Homepage : http://extensions.joomla.org/extensions/extension/social-web/social-buy/en-masse Category: Webapps Tested on: Win Versions: 5.1-6.4 Date: 2016/06/15...
w2wiki - Multiple Cross-Site Scripting Vulnerabilities
w2wiki - Multiple Cross-Site Scripting Vulnerabilities Exploit Title: w2wiki - Multiple XSS (Stored/Reflected) Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/panicsteve/w2wiki , http://groups.google.com/group/w2wiki Software Link:...
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation ---------------------------------------------------------------------------------------------------------- Exploit Title: AdobeUpdateService - Privilege Escalation Unquoted Service Path vulnerability Date: 18/05/2016 Exploi...
Dokeos 2.2.1 - Blind SQL Injection
Dokeos 2.2.1 - Blind SQL Injection Exploit Title: Dokeos Blind SQL Injection Date: 2016-06-14 Exploit Author: Mormoroth Exploit Author Blog: http://ha.cker.ir Vendor Homepage: http://www.dokeos.com/ Software Link: http://jaist.dl.sourceforge.net/project/dokeos/dokeos-2.1.1.zip Version: 2.2.1 Test...
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
Hyperoptic Tilgin Router HG23xx - Multiple Vulnerabilities Hyperoptic Tilgin Router HG23xx Multiple XSS And CSRF Vulnerabilities Vendor: Hyperoptic Ltd. | Tilgin AB Product web page: http://www.hyperoptic.com http://www.tilgin.com Affected version: HG2330, HG2302 and HG2301 Summary: Tilgin's HG23...
Google Chrome - GPU Process MailboxManagerImpl Double-Read
Google Chrome - GPU Process MailboxManagerImpl Double-Read Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=780 Several functions in the GPU command buffer service interact with the GPU mailbox manager gpu/command_buffer/service/mailbox_manager_impl.cc, passing a reference to shared...
Ultrabenosaurus ChatBoard - Cross-Site Request Forgery (Send Message)
Ultrabenosaurus ChatBoard - Cross-Site Request Forgery Send Message !-- Exploit Title: Ultrabenosaurus ChatBoard - CSRF (Send Message) Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ultrabenosaurus.ninja/ Software Link:...
PHPLive 4.4.8 - 4.5.4 - Password Recovery SQL Injection
PHPLive 4.4.8 - 4.5.4 - Password Recovery SQL Injection !/bin/env python Exploit title: Password Recovery Sql Injection Exploit Author: Tiago Carvalho Vendor Homepage: http://www.phplivesupport.com/?plk=osicodes-5-ykq-m Version : 4.4.8 - 4.5.4 Product Name: Phplive Tested on: Debian \ Kali linux...
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting Exploit Title: Ultrabenosaurus ChatBoard - Stored XSS Date: 2016-06-14 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: http://ultrabenosaurus.ninja/ Software Link:...
jbFileManager - Directory Traversal
jbFileManager - Directory Traversal Exploit Title: jbFileManager - Path Traversal (view/add/delete) Date: 2016-06-15 Exploit Author: HaHwul Exploit Author Blog: www.hahwul.com Vendor Homepage: https://github.com/ismiranda/jbFileManager Software Link:...
BookingWizz Booking System 5.5 - Multiple Vulnerabilities
BookingWizz Booking System 5.5 - Multiple Vulnerabilities 1. ADVISORY INFORMATION ======================================== Title: BookingWizz Default username/password: admin/pass"; PR2 - Cross Site Scripting ======================================== File : eventList.php // Improper user input...