41207 matches found
WebKit - Universal XSS in WebCore::command
WebKit - Universal XSS in WebCore::command frame = document-frame; if !frame || frame-document != document // 1 return Editor::Command; document-updateStyleIfNeeded; // 2 return frame-editor.commandcommandName, userInterface ? CommandFromDOMWithUserInterface : CommandFromDOM; bool...
WebKit - Universal XSS Using Cached Pages
WebKit - Universal XSS Using Cached Pages VULNERABILITY DETAILS void FrameLoader::detachChildren ... SubframeLoadingDisabler subframeLoadingDisablermframe.document; // 1 Vector, 16 childrenToDetach; childrenToDetach.reserveInitialCapacitymframe.tree.childCount; for Frame child =...
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads
WebKit - UXSS Using JavaScript: URI and Synchronous Page Loads VULNERABILITY DETAILS void DocumentWriter::replaceDocumentconst String& source, Document ownerDocument ... beginmframe-document-url, true, ownerDocument; // 1 // begin might fire an unload event, which will result in a situation where...
TheSystem 1.0 - Command Injection
TheSystem 1.0 - Command Injection Exploit Title: thesystem Command Injection Author: Sadik Cetin Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem | https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem |...
Cisco Small Business 220 Series - Multiple Vulnerabilities
Cisco Small Business 220 Series - Multiple Vulnerabilities !/usr/bin/python2.7 """ Subject Realtek Managed Switch Controller RTL83xx PoC 2019 bashis https://www.realtek.com/en/products/communications-network-ics/category/managed-switch-controller Brief description 1. Boa/Hydra suffer of exploitab...
GoAhead 2.5.0 - Host Header Injection
GoAhead 2.5.0 - Host Header Injection Exploit Title: GoAhead Web server HTTP Header Injection. Shodan Query: Server: Goahead Discovered Date: 05/07/2019 Exploit Author: Ramikan Vendor Homepage: https://www.embedthis.com/goahead/ Affected Version: 2.5.0 may be others. Tested On Version: 2.5.0 in...
thesystem 1.0 - Cross-Site Scripting
thesystem 1.0 - Cross-Site Scripting Exploit Title: thesystem Persistent XSS Author: Anıl Baran Yelken Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10...
vBulletin 5.x - Remote Command Execution (Metasploit)
vBulletin 5.x - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'vBulletin 5.x 0day pre-quth RCE exploit', 'Description' = %q vBulletin 5.x 0day pre-auth RCE...
phpIPAM 1.4 - SQL Injection
phpIPAM 1.4 - SQL Injection !/usr/bin/env python3 Exploit Title: phpIPAM Custom Field Filter SQL Injection Exploit Announcement Date: September 16, 2019 5:18 AM Exploit Creation Date: September 27, 2019 Exploit Author: Kevin Kirsche Vendor Homepage: https://phpipam.net Software Link:...
PHP 7.1 7.3 - json serializer disable_functions Bypass
PHP 7.1 7.3 - json serializer disablefunctions Bypass = 8; public function str2ptr&$str, $p = 0, $s = 8 $address = 0; for$j = $s-1; $j = 0; $j-- $address = 8; return $out; unable to leak ro segments public function leak1$addr global $spl1; $this-write$this-abc, 8, $addr - 0x10; return...
Mobatek MobaXterm 12.1 - Buffer Overflow (SEH)
Mobatek MobaXterm 12.1 - Buffer Overflow SEH Title: Mobatek MobaXterm 12.1 - Buffer Overflow SEH Author: Xavi Beltran Date: 2019-08-31 Vendor: xavibel.com Vedor Page: https://mobaxterm.mobatek.net/download.html Software Link: https://download.mobatek.net/1112019010310554/MobaXtermPortablev11.1.zi...
InoERP 0.7.2 - Persistent Cross-Site Scripting
InoERP 0.7.2 - Persistent Cross-Site Scripting Exploit Title: InoERP 0.7.2 - Persistent Cross-Site Scripting Google Dork: None Date: 2019-09-14 Exploit Author: strider Vendor: http://inoideas.org/ Software Link: https://github.com/inoerp/inoERP Version: 0.7.2 Tested on: Debian 10 Buster x64 / Kal...
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting
WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Exploit Title: WordPress Theme Zoner Real Estate - 4.1.1 Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/themes/zoner/ Date: 2019-09-24 Exploit Author: m0ze Vendor Homepage: https://fruitfulcode.com/ Software...
thesystem App 1.0 - server_name SQL Injection
thesystem App 1.0 - servername SQL Injection Exploit Title: thesystem 1.0 - 'servername' SQL Injection Author: Sadik Cetin Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Teste...
thesystem App 1.0 - username SQL Injection
thesystem App 1.0 - username SQL Injection Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0...
thesystem App 1.0 - Persistent Cross-Site Scripting
thesystem App 1.0 - Persistent Cross-Site Scripting Exploit Title: thesystem App 1.0 - Persistent Cross-Site Scripting Author: İsmail Güngör Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested...
V-SOL GPONEPON OLT Platform 2.03 - Unauthenticated Configuration Download
V-SOL GPONEPON OLT Platform 2.03 - Unauthenticated Configuration Download Title: V-SOL GPON/EPON OLT Platform 2.03 - Unauthenticated Configuration Download Date: 2019-09-27 Author: LiquidWorm Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com...
V-SOL GPONEPON OLT Platform 2.03 - Remote Privilege Escalation
V-SOL GPONEPON OLT Platform 2.03 - Remote Privilege Escalation Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Remote Privilege Escalation Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested...
V-SOL GPONEPON OLT Platform 2.03 - Cross-Site Request Forgery
V-SOL GPONEPON OLT Platform 2.03 - Cross-Site Request Forgery Exploit Title: V-SOL GPON/EPON OLT Platform 2.03 - Cross-Site Request Forgery Author: LiquidWorm Discovery Date: 2019-09-26 Vendor: Guangzhou V-SOLUTION Electronic Technology Co., Ltd. Product web page: https://www.vsolcn.com Tested on...
Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting
Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Exploit Title: Duplicate-Post 3.2.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2019-06-11 Exploit Author: Unk9vvN Vendor Homepage: https://duplicate-post.lopo.it/ Software Link: https://wordpress.org/plugins/duplicate-post/...
all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting
all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting Exploit Title: all-in-one-seo-pack 3.2.7 - Persistent Cross-Site Scripting Google Dork: inurl:"\wp-content\plugins\all-in-one-seo-pack" Date: 2019-06-13 Exploit Author: Unk9vvN Vendor Homepage:...
inoERP 4.15 - download SQL Injection
inoERP 4.15 - download SQL Injection Exploit Title: inoERP 4.15 - 'download' SQL Injection Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: http://inoideas.org/ Version: 4.15 CVE: N/A A malicious query can be sent in base64 encoding to unserialize function. It can be...
Chamillo LMS 1.11.8 - Arbitrary File Upload
Chamillo LMS 1.11.8 - Arbitrary File Upload Exploit Title: Chamillo LMS 1.11.8 - Arbitrary File Upload Google Dork: "powered by chamilo" Date: 2018-10-05 Exploit Author: Sohel Yousef jellyfish security team Software Link: https://chamilo.org/en/download/ Version: Chamilo 1.11.8 or lower to 1.8...
citecodecrashers Pic-A-Point 1.1 - Consignment SQL Injection
citecodecrashers Pic-A-Point 1.1 - Consignment SQL Injection Exploit Title: citecodecrashers Pic-A-Point 1.1 - 'Consignment' SQL Injection Author: Cakes Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/citecodecrashers/Pic-A-Point Software Link:...
SpotIE Internet Explorer Password Recovery 2.9.5 - Key Denial of Service
SpotIE Internet Explorer Password Recovery 2.9.5 - Key Denial of Service Exploit Title: SpotIE Internet Explorer Password Recovery 2.9.5 - 'Key' Denial of Service Date: 2019-20-09 Exploit Author: Emilio Revelo Vendor Homepage: http://www.nsauditor.com/ Software Link :...
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution
NPMJS gitlabhook 0.0.17 - repository Remote Command Execution Exploit Title: NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution Date: 2019-09-13 Exploit Author: Semen Alexandrovich Lyhin Vendor Homepage: https://www.npmjs.com/package/gitlabhook Version: 0.0.17 Tested on: Kali Linux 2...
WP Server Log Viewer 1.0 - logfile Persistent Cross-Site Scripting
WP Server Log Viewer 1.0 - logfile Persistent Cross-Site Scripting Exploit Title: WP Server Log Viewer 1.0 - 'logfile' Persistent Cross-Site Scripting Date: 2019-09-10 Exploit Author: strider Software Link: https://github.com/anttiviljami/wp-server-log-viewer Version: 1.0 Tested on: Debian 10...
Microsoft SharePoint 2013 SP1 - DestinationFolder Persistant Cross-Site Scripting
Microsoft SharePoint 2013 SP1 - DestinationFolder Persistant Cross-Site Scripting Exploit Title: Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistent Cross-Site Scripting Author: Davide Cioccia Discovery Date: 2019-09-25 Vendor Homepage: https://www.microsoft.com Software Link:...
YzmCMS 5.3 - Host Header Injection
YzmCMS 5.3 - Host Header Injection Exploit Title: YzmCMS 5.3 - 'Host' Header Injection Exploit Author: Debashis Pal Vendor Homepage: http://www.yzmcms.com/ Source: https://github.com/yzmcms/yzmcms Version: YzmCMS V5.3 CVE : N/A Tested on: Windows 7 SP164bit,XAMPP: 7.3.9 About YzmCMS =============...
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service There's a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric. I've...
File Sharing Wizard 1.5.0 - POST SEH Overflow
File Sharing Wizard 1.5.0 - POST SEH Overflow import socket from struct import Exploit Title: File sharing wizard 'post' remote SEH overflow Date: 9/23/2019 Exploit Author: x00pwn Software Link: https://file-sharing-wizard.soft112.com/ Version: 1.5.0 Tested on: Windows 7 CVE : CVE-2019-16724...
DeviceViewer 3.12.0.1 - creating user Denial of Service
DeviceViewer 3.12.0.1 - creating user Denial of Service !/usr/bin/python Exploit Title: DeviceViewer 3.12.0.1 - 'creating user' DOS buffer overflow Date: 9/23/2019 Exploit Author: x00pwn Vendor Homepage: http://www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe...
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds When an NSKeyedUnarchiver decodes an object, it first allocates the object using allocWithZone, and then puts the object into a dictionary for temporary objects. It then calls the appropriate initWithCoder: on the allocated...
YjV2XfO8XULm45N
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
Gila CMS 1.11.1 - Local File Inclusion
Gila CMS 1.11.1 - Local File Inclusion Exploit Title: Authenticated Local File InclusionLFI in GilaCMS Google Dork: N/A Date: 04-08-2019 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://github.com/GilaCMS/gila Software Link: https://github.com/GilaCMS/gila Version: 1.10.9 Tested on: XAMP...
Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure
Hisilicon HiIpcam V100R003 Remote ADSL - Credentials Disclosure !/usr/bin/perl -w Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure Copyright 2019 c Todor Donev Hisilicon HiIpcam V100R003 Remote ADSL Credentials Disclosure =============================================================...
HPE Intelligent Management Center 7.3 E0506P09 - Information Disclosure
HPE Intelligent Management Center 7.3 E0506P09 - Information Disclosure !/opt/local/bin/python2.7 Exploit Title: HPE Intelligent Management Center dbman Command 10001 Information Disclosure Date: 22-09-2019 Exploit Author: Rishabh Sharma Linkedin: rishabh2241991 Vendor Homepage: www.hpe.com...
vBulletin 5.0 5.5.4 - widget_php Unauthenticated Remote Code Execution
vBulletin 5.0 5.5.4 - widgetphp Unauthenticated Remote Code Execution !/usr/bin/python vBulletin 5.x 0day pre-auth RCE exploit This should work on all versions from 5.0.0 till 5.5.4 Google Dorks: - site:.vbulletin.net - "Powered by vBulletin Version 5.5.4" import requests import sys if lensys.arg...
Microsoft Windows 10 - WSReset UAC Protection Bypass (propsys.dll)
Microsoft Windows 10 - WSReset UAC Protection Bypass propsys.dll // ref : https://medium.com/tenable-techblog/uac-bypass-by-mocking-trusted-directories-24a96675f6e include // uac bypass via wsreset.exe // @404death // EDB Note: Download...
LayerBB 1.1.4 - Cross-Site Request Forgery
LayerBB 1.1.4 - Cross-Site Request Forgery Exploit Title: LayerBB 1.1.3 - Multiple CSRF Date: 4/7/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com/downloads.php?view=file&id=30 Version: 1.1.3 Tested on: Ubuntu 18.04 CVE: CVE-2019-16531 1...
GOautodial 4.0 - CreateEvent Persistent Cross-Site Scripting
GOautodial 4.0 - CreateEvent Persistent Cross-Site Scripting Exploit Title: GOautodial 4.0 - 'CreateEvent' Persistent Cross-Site Scripting Author: Cakes Discovery Date: 2019-09-19 Vendor Homepage: https://goautodial.org/ Software Link:...
macOS 18.7.0 Kernel - Local Privilege Escalation
macOS 18.7.0 Kernel - Local Privilege Escalation macOS-Kernel-Exploit DISCLAIMER You need to know the KASLR slide to use the exploit. Also SMAP needs to be disabled which means that it's not exploitable on Macs after 2015. These limitations make the exploit pretty much unusable for in-the-wild...
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass Command Execution Exploit Title: Western Digital My Book World II NAS = 1.02.12 - Broken Authentication to RCE Google Dork: intitle:"My Book World Edition - MyBookWorld" Date: 19th Sep, 2019 Exploit Author: Noman Riffat, Nationa...
DIGIT CENTRIS 4 ERP - datum1 SQL Injection
DIGIT CENTRIS 4 ERP - datum1 SQL Injection Exploit Title: DIGIT CENTRIS 4 ERP - 'datum1' SQL Injection Date: 2019-09-19 Exploit Author: n1x MS-WEB Vendor Homepage: http://www.digit-rs.com/ Product Homepage: http://digit-rs.com/centris.html Version: Every version CVE : N/A Vulnerable parameters:...
Hospital-Management 1.26 - fname SQL Injection
Hospital-Management 1.26 - fname SQL Injection Exploit Title: Hospital-Management 1.26 - 'fname' SQL Injection Author: Cakes Discovery Date: 2019-09-18 Vendor Homepage: https://github.com/Mugerwa-Joseph/hospital-management Software Link:...
Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service (PoC)
Counter-Strike Global Offensive 1.37.1.1 - vphysics.dll Denial of Service PoC CVE-2019-15943 Counter-Strike Global Offensive vphysics.dll before 1.37.1.1 allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, becaus...
Inteno IOPSYS Gateway - Improper Access Restrictions
Inteno IOPSYS Gateway - Improper Access Restrictions Exploit Title: Inteno IOPSYS Gateway 3DES Key Extraction - Improper Access Restrictions Date: 2019-06-29 Exploit Author: Gerard Fuguet [email protected] Vendor Homepage: https://www.intenogroup.com/ Version: EG200-WU7P1UADAMO3.16.4-1902261650...
CollegeManagementSystem-CMS 1.3 - batch SQL Injection
CollegeManagementSystem-CMS 1.3 - batch SQL Injection Exploit Title: CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection Author: Cakes Discovery Date: 2019-09-16 Vendor Homepage: https://github.com/SaloniKumari123/CollegeManagementSystem Software Link:...
docPrint Pro 8.0 - SEH Buffer Overflow
docPrint Pro 8.0 - SEH Buffer Overflow import struct Title: docPrint Pro v8.0 'User/Master Password' Local SEH Alphanumeric Encoded Buffer Overflow Date: September 14th, 2019 Author: Connor McGarr @33y0re https://connormcgarr.github.io Vendor Homepage: http://www.verypdf.com Software Link:...
Symantec Advanced Secure Gateway (ASG) ProxySG - Unrestricted File Upload
Symantec Advanced Secure Gateway ASG ProxySG - Unrestricted File Upload ===========Security Intelligence============ Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 Exploit Author: Pankaj Kumar Thakur Nepal ==========Table of Contents============== Overview Detailed...