Solaris 10 113 (Intel) - dtprintinfo Local Privilege Escalation

Solaris 10 113 Intel - dtprintinfo Local Privilege Escalation / raptordtprintnameintel.c - dtprintinfo 0day, Solaris/Intel Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this...

Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow (Unicode)

Huawei eSpace Meeting 1.1.11.103 - cenwpoll.dll SEH Buffer Overflow Unicode !/usr/bin/env python -- coding: utf-8 -- Huawei eSpace Meeting cenwpoll.dll Unicode Stack Buffer Overflow with SEH Overwrite Vendor: Huawei Technologies Co., Ltd. Product web page: https://www.huawei.com Affected...

eLabFTW 1.8.5 - Arbitrary File Upload Remote Code Execution

eLabFTW 1.8.5 - Arbitrary File Upload Remote Code Execution !/usr/bin/env python Exploit Title : eLabFTW 1.8.5 'EntityController' Arbitrary File Upload / RCE Date : 5/18/19 Exploit Author : liquidsky JMcPeters Vulnerable Software : eLabFTW 1.8.5 Vendor Homepage : https://www.elabftw.net/ Version ...

BulletProof FTP Server 2019.0.0.50 - DNS Address Denial of Service (PoC)

BulletProof FTP Server 2019.0.0.50 - DNS Address Denial of Service PoC Exploit Title: BulletProof FTP Server 2019.0.0.50 - 'DNS Address' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-18 Vendor Homepage: http://bpftpserver.com/ Software Link:...

Solaris 789 (SPARC) - dtprintinfo Local Privilege Escalation (1)

Solaris 789 SPARC - dtprintinfo Local Privilege Escalation 1 / raptordtprintnamesparc.c - dtprintinfo 0day, Solaris/SPARC Copyright c 2004-2019 Marco Ivaldi 0day buffer overflow in the dtprintinfo1 CDE Print Viewer, leading to local root. Many thanks to Dave Aitel for discovering this vulnerabili...

docPrint Pro 8.0 - Denial of Service (PoC)

docPrint Pro 8.0 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: Document Converter docPrint Pro v8.0 - Denial of Service PoC Date: 19/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.verypdf.com Software: http://dl.verypdf.net/docprintprosetup.exe Version: 8.0 Tested on:...

CEWE Photoshow 6.4.3 - Password Denial of Service (PoC)

CEWE Photoshow 6.4.3 - Password Denial of Service PoC -- coding: utf-8 -- Exploit Title: CEWE PHOTO SHOW 6.4.3 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software: https://cewe-photoworld.com/creator-software/windows-download...

CEWE Photo Importer 6.4.3 - .jpg Denial of Service (PoC)

CEWE Photo Importer 6.4.3 - .jpg Denial of Service PoC -- coding: utf-8 -- Exploit Title: CEWE PHOTO IMPORTER 6.4.3 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://cewe-photoworld.com/ Software:...

Iperius Backup 6.1.0 - Privilege Escalation

Iperius Backup 6.1.0 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor Homepage: https://www.iperiusbackup.com/ Version: 6.1.0 Software Link:...

Sandboxie 5.30 - Programs Alerts Denial of Service (PoC)

Sandboxie 5.30 - Programs Alerts Denial of Service PoC -- coding: utf-8 -- Exploit Title: Sandboxie 5.30 - Denial of Service PoC Date: 16/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.sandboxie.com Software https://www.sandboxie.com/SandboxieInstall.exe Version: 5.30 Tested on:...

Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal Remote Code Execution

Cisco Prime Infrastructure Health Monitor HA TarArchive - Directory Traversal Remote Code Execution !/usr/bin/python """ Cisco Prime Infrastructure Health Monitor HA TarArchive Directory Traversal Remote Code Execution Vulnerability Steven Seeley mrme of Source Incite - 2019 SRC: SRC-2019-0034 CV...

Interspire Email Marketer 6.20 - surveys_submit.php Remote Code Execution

Interspire Email Marketer 6.20 - surveyssubmit.php Remote Code Execution Exploit Title: Interspire Email Marketer 6.20 - Remote Code Execution Date: May 2019 Exploit Author: Numan Türle Vendor Homepage: https://www.interspire.com Software Link: https://www.interspire.com/emailmarketer Version: 6....

DeepSound 1.0.4 - SQL Injection

DeepSound 1.0.4 - SQL Injection =========================================================================================== Exploit Title: DeepSound 1.0.4 - SQL Inj. Dork: N/A Date: 15-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

ZOC Terminal 7.23.4 - Script Denial of Service (PoC)

ZOC Terminal 7.23.4 - Script Denial of Service PoC Exploit Title: ZOC Terminal v7.23.4 - 'Script' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version:...

VMware Workstation 15.1.0 - DLL Hijacking

VMware Workstation 15.1.0 - DLL Hijacking --------------------------------------------------------- Title: VMware Workstation DLL hijacking DLLIMPORT void SHGetFolderPathW MessageBox0, "s1kr10s", "VMWare-Poc", MBICONINFORMATION; exit0; --------------------------...

JetAudio jetCast Server 2.0 - Log Directory Local SEH Alphanumeric Encoded Buffer Overflow

JetAudio jetCast Server 2.0 - Log Directory Local SEH Alphanumeric Encoded Buffer Overflow Title: JetAudio jetCast Server 2.0 'Log Directory' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 13th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage:...

ZOC Terminal v7.23.4 - Private key file Denial of Service (PoC)

ZOC Terminal v7.23.4 - Private key file Denial of Service PoC Exploit Title: ZOC Terminal v7.23.4 - 'Private key file' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link:...

WeChat for Android 7.0.4 - vcodec2_hls_filter Denial of Service

WeChat for Android 7.0.4 - vcodec2hlsfilter Denial of Service Exploit Title: DoS Wechat with an emoji Date: 16-May-2019 Exploit Author: Hong Nhat Pham Vendor Homepage: http://www.tencent.com/en-us/index.html Software Link: https://play.google.com/store/apps/details?id=com.tencent.mm Version: 7.0....

Axessh 4.2 - Log file name Denial of Service (PoC)

Axessh 4.2 - Log file name Denial of Service PoC Exploit Title: Axessh 4.2 'Log file name' - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-14 Vendor Homepage: http://www.labf.com Software Link: http://www.labf.com/download/axessh.exe Tested Version: 4.2 Tested on:...

SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service

SEL AcSELerator Architect 2.2.24 - CPU Exhaustion Denial of Service !/usr/bin/env python coding: utf8 SEL AcSELerator Architect 2.2.24 Remote CPU Exhaustion Denial of Service Vendor: Schweitzer Engineering Laboratories, Inc. Product web page: https://www.selinc.com Affected version: 2.2.24.0 ICD...

ZOC Terminal v7.23.4 - Shell Denial of Service (PoC)

ZOC Terminal v7.23.4 - Shell Denial of Service PoC Exploit Title: ZOC Terminal v7.23.4 - 'Shell' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-15 Vendor Homepage: https://www.emtec.com Software Link: http://www.emtec.com/downloads/zoc/zoc7234x64.exe Tested Version:...

CommSy 8.6.5 - SQL injection

CommSy 8.6.5 - SQL injection Title: ====== CommSy 8.6.5 - SQL injection Researcher: =========== Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG CVE-ID: ======= CVE-2019-11880 Timeline: ========= 2019-04-15 Vulnerability discovered 2019-04-15 Asked for security contact and PGP key 2019-04-...

Tomabo MP4 Converter 3.25.22 - Denial of Service (PoC)

Tomabo MP4 Converter 3.25.22 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: MP4 Converter 3.25.22 - 'Name' Denial of Service PoC Date: 14/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.tomabo.com/ Software: http://www.tomabo.com/downloads/mp4-converter-setup.exe Version...

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting

Legrand BTicino Driver Manager F454 1.0.51 - Cross-Site Request Forgery Cross-Site Scripting input type="hidden" name="password2" value="newpass123" /...

Microsoft Windows - Win32k Local Privilege Escalation

Microsoft Windows - Win32k Local Privilege Escalation CVE-2019-0803 Win32k Elevation of Privilege Poc Reference ----------------------------- steal Security token https://github.com/mwrlabs/CVE-2016-7255 EDB Note: Download...

PasteShr 1.6 - Multiple SQL Injection

PasteShr 1.6 - Multiple SQL Injection =========================================================================================== Exploit Title: PasteShr - SQL İnj. Dork: N/A Date: 14-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

Sales ERP 8.1 - Multiple SQL Injection

Sales ERP 8.1 - Multiple SQL Injection =========================================================================================== Exploit Title: SalesERP v.8.1 SQL Inj. Dork: N/A Date: 13-05-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...

TwistedBrush Pro Studio 24.06 - .srp Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - .srp Denial of Service PoC -- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - '.srp' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link...

TwistedBrush Pro Studio 24.06 - Resize Image Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - Resize Image Denial of Service PoC -- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link...

Schneider Electric U.Motion Builder 1.3.4 - track_import_export.php object_id Unauthenticated Command Injection

Schneider Electric U.Motion Builder 1.3.4 - trackimportexport.php objectid Unauthenticated Command Injection RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: Schneider Electric U.Motion Builder Vendor URL: www.schneider-electric.com Type: ...

D-Link DWL-2600AP - Multiple OS Command Injection

D-Link DWL-2600AP - Multiple OS Command Injection Document Title: =============== D-Link DWL-2600AP - Authenticated OS Command Injection Restore Configuration Product & Service Introduction: =============================== The D-Link DWL-2600AP has a web interface for configuration. You can use a...

Selfie Studio 2.17 - Resize Image Denial of Service (PoC)

Selfie Studio 2.17 - Resize Image Denial of Service PoC -- coding: utf-8 -- Exploit Title: Selfie Studio 2.17 - 'Resize Image' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link...

TwistedBrush Pro Studio 24.06 - Script Recorder Denial of Service (PoC)

TwistedBrush Pro Studio 24.06 - Script Recorder Denial of Service PoC -- coding: utf-8 -- Exploit Title: TwistedBrush Pro Studio 24.06 - 'Script Recorder' Denial of Service PoC Date: 13/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.pixarra.com Software Link...

PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution (Metasploit)

PHP-Fusion 9.03.00 - Edit Profile Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "PHP-Fusion %q This module exploits command execution vulnerability in PHP-Fusi...

DNSS 2.1.8 - Denial of Service (PoC)

DNSS 2.1.8 - Denial of Service PoC Exploit Title: DNSS Domain Name Search Software 2.1.8 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-12 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/dnsssetup.exe Tested Version: 2.1.8 Teste...

SOCA Access Control System 180612 - Cross-Site Request Forgery (Add Admin)

SOCA Access Control System 180612 - Cross-Site Request Forgery Add Admin SOCA Access Control System 180612 CSRF Add Admin Exploit Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include Proximit...

SOCA Access Control System 180612 - Information Disclosure

SOCA Access Control System 180612 - Information Disclosure SOCA Access Control System 180612 Information Disclosure Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and...

SpotMSN 2.4.6 - Denial of Service (PoC)

SpotMSN 2.4.6 - Denial of Service PoC Exploit Title: SpotMSN 2.4.6 - 'Name/Key' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-12 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/spotmsnsetup.exe Tested Version: 2.4.6 Tested on:...

XOOPS 2.5.9 - SQL Injection

XOOPS 2.5.9 - SQL Injection + Sql Injection on XOOPS CMS v.2.5.9 + Date: 12/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://xoops.org/ + Contact: [email protected] + Tested on: Windows 7 and Gnu/Linux + Dork: inurl:gerarpdf.php...

SOCA Access Control System 180612 - SQL Injection

SOCA Access Control System 180612 - SQL Injection SOCA Access Control System 180612 SQL Injection And Authentication Bypass Vendor: SOCA Technology Co., Ltd Product web page: http://www.socatech.com Affected version: 180612, 170000 and 141007 Summary: The company's products include proximity and...

Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds ReadWrite

Google Chrome V8 - Turbofan JSCallReducer::ReduceArrayIndexOfIncludes Out-of-Bounds ReadWrite !-- Since commit https://chromium.googlesource.com/v8/v8.git/+/c22bb466d8934685d897708119543d099b9d2a9a turbofan supports inlining calls to array.includes and array.indexOf. The logic of the function is...

OpenProject 5.0.0 - 8.3.1 - SQL Injection

OpenProject 5.0.0 - 8.3.1 - SQL Injection SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated SQL Injection vulnerability product: OpenProject vulnerable version: 5.0.0 - 8.3.1 fixed version: 8.3.2 & 9.0.0...

PHPRunner 10.1 - Denial of Service (PoC)

PHPRunner 10.1 - Denial of Service PoC Exploit Title: PHPRunner 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/phprunner/download.htm Tested Version: 10.1 Tested on: Windows 7...

SpotIM 2.2 - Denial of Service (PoC)

SpotIM 2.2 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: SpotIM 2.2 - 'Name/Key' Denial of Service PoC Date: 09/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotimsetup.exe Version: 2.2 Tested on: Windows...

ASPRunner.NET 10.1 - Denial of Service (PoC)

ASPRunner.NET 10.1 - Denial of Service PoC Exploit Title: ASPRunner.NET 10.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: https://xlinesoft.com/ Software Link: https://xlinesoft.com/asprunnernet/download.htm Tested Version: 10.1 Tested on:...

RICOH SP 4510DN Printer - HTML Injection

RICOH SP 4510DN Printer - HTML Injection Exploit Title: RICOH SP 4510DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.htm...

Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery

Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Exploit Title: Cortex Unshortenlink Analyzer 1.1 - Server-Side Request Forgery Date: 2/26/2019 Exploit Author: Alexandre Basquin Vendor Homepage: https://blog.thehive-project.org Software Link: https://github.com/TheHive-Project/Cort...

dotCMS 5.1.1 - HTML Injection

dotCMS 5.1.1 - HTML Injection Exploit Title: dotCMS 5.1.1 - HTML Injection Date: 2019-05-09 Exploit Author: Ismail Tasdelen Vendor Homepage: https://dotcms.com/ Software Link: https://github.com/dotCMS Software: dotCMS Product Version: 5.1.1 Vulernability Type: Code Injection Vulenrability: HTML...

SpotPaltalk 1.1.5 - Denial of Service (PoC)

SpotPaltalk 1.1.5 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: SpotPaltalk 1.1.5 - 'Name/Key' Denial of Service PoC Date: 09/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com Software Link http://www.nsauditor.com/downloads/spotpaltalksetup.exe Version: 1.1...

jetCast Server 2.0 - Denial of Service (PoC)

jetCast Server 2.0 - Denial of Service PoC Exploit Title: jetCast Server 2.0 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-09 Vendor Homepage: http://www.jetaudio.com/ Software Link:...