Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link:...
Symantec DLP 15.5 MP1 - Cross-Site Scripting
Symantec DLP 15.5 MP1 - Cross-Site Scripting Exploit Title: Persistent XSS on Symantec DLP = 15.5 MP1 Date: 2019-06-21 Exploit Author: Chapman Schleiss Vendor Homepage: https://www.symantec.com/ Software Link: https://support.symantec.com/us/en/mysymantec.html Version: = 15.5 MP1 CVE : 2019-9701...
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution !/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link: https://download.centreon.com Versio...
PowerPanel Business Edition - Cross-Site Scripting
PowerPanel Business Edition - Cross-Site Scripting Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE...
ZoneMinder 1.32.3 - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting Exploit Title: ZoneMinder 1.32.3 - Stored Cross Site Scripting filters Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://zoneminder.com Software Link: https://github.com/ZoneMinder/zoneminder/releases Version: 1.32.3 Test...
SAP Crystal Reports - Information Disclosure
SAP Crystal Reports - Information Disclosure Exploit Title: Sensitive Information Disclosure in SAP Crystal Reports Date: 2019-04-10 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 Version: SAP Crystal...
CyberPanel 1.8.4 - Cross-Site Request Forgery
CyberPanel 1.8.4 - Cross-Site Request Forgery Title: CyberPanel Administrator Account Takeover fetch'https://SERVERIP:8090/users/saveModifications', method: 'POST', credentials: 'include', headers: 'Content-Type': 'text/plain', body:...
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
FaceSentry Access Control System 6.4.8 - Remote Root Exploit !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 5...
WorkSuite PRM 2.4 - password SQL Injection
WorkSuite PRM 2.4 - password SQL Injection Exploit Title: WorkSuite PRM 2.4 - 'password' SQL Inj. Dork: N/A Date: 01-05-2019 Exploit Author: Mehmet EMİROĞLU Vendor Homepage:...
Sahi pro 8.x - Directory Traversal
Sahi pro 8.x - Directory Traversal Exploit Title: Sahi pro 8.x Directory traversal Date: 2019-06-25 Exploit Author: Operat0r Vendor Homepage: https://sahipro.com/ Software Link: https://sahipro.com/downloads-archive/ Version: 8.0 Tested on: Linux Ubuntu / Windows 7 CVE: CVE-2019-13063 An issue wa...
Varient 1.6.1 - SQL Injection
Varient 1.6.1 - SQL Injection Exploit Title: Varient 1.6.1 SQL Inj. Dork: N/A Date: 29-06-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...
Linux Mint 18.3-19.1 - yelp Command Injection (Metasploit)
Linux Mint 18.3-19.1 - yelp Command Injection Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' UR...
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0...
FaceSentry Access Control System 6.4.8 - Remote SSH Root
FaceSentry Access Control System 6.4.8 - Remote SSH Root !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2...
CiuisCRM 1.6 - eventType SQL Injection
CiuisCRM 1.6 - eventType SQL Injection Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj. Dork: N/A Date: 27-05-2019 Exploit Author: Mehmet EMİROĞLU Vendor Homepage:...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware...
LibreNMS 1.46 - addhost Remote Code Execution
LibreNMS 1.46 - addhost Remote Code Execution !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP...
Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion
Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: ...
AZADMIN CMS 1.0 - SQL Injection
AZADMIN CMS 1.0 - SQL Injection + Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files:...
SAPIDO RB-1732 - Remote Command Execution
SAPIDO RB-1732 - Remote Command Execution Exploit Title: SAPIDO RB-1732 command line execution Date: 2019-6-24 Exploit Author: k1nm3n.aotoi Vendor Homepage: http://www.sapido.com.tw/ Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin Version: RB-1732...
Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE...
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Exploit Title: Live Chat Unlimited v2.8.3 Stored XSS Injection Google Dork: inurl:"wp-content/plugins/screets-lcx" Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: https://screets.com/ Software Link:...
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Google Dork: - Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link:...
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description BlogEngine.NET is...
SuperDoctor5 - NRPE Remote Code Execution
SuperDoctor5 - NRPE Remote Code Execution SuperMicro implemented a Remote Command Execution plugin in their implementation of NRPE in SuperDoctor 5, which is their monitoring utility for SuperMicro chassis. This is an intended feature but leaves the system open by default to unauthenticated remo...
SeedDMS versions 5.1.11 - Remote Command Execution
SeedDMS versions 5.1.11 - Remote Command Execution Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now...
GrandNode 4.40 - Path Traversal Arbitrary File Download
GrandNode 4.40 - Path Traversal Arbitrary File Download Exploit Title: GrandNode Path Traversal & Arbitrary File Download Unauthenticated Date: 06/23/3019 Exploit Author: Corey Robinson https://twitter.com/CRobSec Vendor Homepage: https://grandnode.com/ Software Link:...
dotProject 2.1.9 - SQL Injection
dotProject 2.1.9 - SQL Injection Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9 Category: Webapps Tested on...
SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting
SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 20-June-2019 Exploit Author: Nimit Jain https://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org...
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation Windows: Windows Font Cache Service Insecure Sections EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The...
Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary FileDirectory Creation
Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary FileDirectory Creation Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Use...
SeedDMS 5.1.11 - out.GroupMgr.php Cross-Site Scripting
SeedDMS 5.1.11 - out.GroupMgr.php Cross-Site Scripting Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 17-June-2019 Exploit Author: Nimit Jain https://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org...
GSearch 1.0.1.0 - Denial of Service (PoC)
GSearch 1.0.1.0 - Denial of Service PoC Exploit Title: GSearch v1.0.1.0 - Denial of Service PoC Date: 6/23/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run th...
EA Origin 10.5.38 - Remote Code Execution
EA Origin 10.5.38 - Remote Code Execution Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on:...
Tuneclone 2.20 - Local SEH Buffer Overflow
Tuneclone 2.20 - Local SEH Buffer Overflow Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python co...
WebERP 4.15 - SQL injection
WebERP 4.15 - SQL injection Exploit Title: Blind SQL injection in WebERP. Date: June 10, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unserialize...
BlogEngine.NET 3.3.63.3.7 - XML External Entity Injection
BlogEngine.NET 3.3.63.3.7 - XML External Entity Injection Exploit Title: Out-of-band XML External Entity Injection on BlogEngine.NET Date: 19 June 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10718 1. Description...
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Linux - Use-After-Free via race Between modifyldt and BR Exception / When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking...
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1...
BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description...
Serv-U FTP Server 15.1.7 - Local Privilege Escalation (1)
Serv-U FTP Server 15.1.7 - Local Privilege Escalation 1 / CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation vulnerability found by: Guy Levin @vastart - twitter.com/vastart https://blog.vastart.dev to compile and run: gcc servu-pe-cve-2019-12181.c -o pe && ./pe / include include include int main...
Sahi pro 7.x8.x - Directory Traversal
Sahi pro 7.x8.x - Directory Traversal Exploit Title: Sahi pro :/s/dyn/Loghighlight?href=../../../../windows/win.ini&n=1selected...
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - SQL Injection Exploit Title: Sahi pro :/s/dyn/pro/DBReports?sql=SELECT DISTINCT memoryused AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS. FROM SUITEREPORTS,SCRIPTREPORTS...
Sahi pro 8.x - Cross-Site Scripting
Sahi pro 8.x - Cross-Site Scripting Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed...
RedwoodHQ 2.5.5 - Authentication Bypass
RedwoodHQ 2.5.5 - Authentication Bypass -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link:...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Produ...
CleverDog Smart Camera DOG-2W DOG-2W-V4 - Multiple Vulnerabilities
CleverDog Smart Camera DOG-2W DOG-2W-V4 - Multiple Vulnerabilities 1. Advisory Information Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple...
Thunderbird ESR 60.7.XXX - parser_get_next_char Heap-Based Buffer Overflow
Thunderbird ESR 60.7.XXX - parsergetnextchar Heap-Based Buffer Overflow X41 D-Sec GmbH Security Advisory: X41-2019-002 Heap-based buffer overflow in Thunderbird Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched...
AROX School-ERP Pro - Unauthenticated Remote Command Execution (Metasploit)
AROX School-ERP Pro - Unauthenticated Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "AROX School-ERP Pro Unauthenticated Remote Code Execution", 'Descriptio...
Exim 4.87 - 4.91 - Local Privilege Escalation
Exim 4.87 - 4.91 - Local Privilege Escalation !/bin/bash raptoreximwiz - "The Return of the WIZard" LPE exploit Copyright c 2019 Marco Ivaldi A flaw was found in Exim versions 4.87 to 4.91 inclusive. Improper validation of recipient address in delivermessage function in /src/deliver.c may lead to...