41207 matches found
RICOH SP 4520DN Printer - HTML Injection
RICOH SP 4520DN Printer - HTML Injection Exploit Title: RICOH SP 4520DN Printer - HTML Injection Date: 2019-05-06 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link: https://www.ricoh-europe.com/products/office-printers-fax/single-function-printers/sp-4520dn.htm...
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection
CyberArk Enterprise Password Vault 10.7 - XML External Entity Injection Exploit Title: CyberArk XML External Entity XXE Injection in SAML authentication Date: 10/05/2019 Exploit Author: Marcelo Toran @spamv Vendor Homepage: https://www.cyberark.com Version: =10.7 CVE : CVE-2019-7442...
Lyric Maker 2.0.1.0 - Denial of Service (PoC)
Lyric Maker 2.0.1.0 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: Lyric Maker 2.0.1.0 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link...
Zoho ManageEngine ADSelfService Plus 5.7 5702 build - Cross-Site Scripting
Zoho ManageEngine ADSelfService Plus 5.7 5702 build - Cross-Site Scripting + Zoho ManageEngine ADSelfService Plus 5.7 &searchType=contains&searchBy=ALLFIELDS&actionId=Search HTTP/1.1 &adscsrf= 4- Stored XSS in self-update layout im...
Convert Video jetAudio 8.1.7 - Denial of Service (PoC)
Convert Video jetAudio 8.1.7 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: Convert Video jetAudio 8.1.7 - Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.jetaudio.com/ Software Link...
Lyric Video Creator 2.1 - .mp3 Denial of Service (PoC)
Lyric Video Creator 2.1 - .mp3 Denial of Service PoC -- coding: utf-8 -- Exploit Title: Lyric Video Creator 2.1 - '.mp3' Denial of Service PoC Date: 08/05/2019 Author: Alejandra Sánchez Vendor Homepage: https://lyricvideocreator.com/ Software Link:...
jetAudio 8.1.7.20702 Basic - Enter URL Denial of Service (PoC)
jetAudio 8.1.7.20702 Basic - Enter URL Denial of Service PoC Exploit Title: jetAudio 8.1.7.20702 Basic - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-05-07 Vendor Homepage: http://www.jetaudio.com/ Software Link: http://www.jetaudio.com/download/ Tested Version:...
NetNumber Titan ENUMDNSNP 7.9.1 - Path Traversal Authorization Bypass
NetNumber Titan ENUMDNSNP 7.9.1 - Path Traversal Authorization Bypass Exploit Title: NetNumber Titan ENUM/DNS/NP - Path Traversal - Authorization Bypass Google Dork: N/A Date: 4/29/2019 Exploit Author: MobileNetworkSecurity Vendor Homepage: https://www.netnumber.com/products/data Software Link: N...
MiniFtp - parseconf_load_setting Buffer Overflow
MiniFtp - parseconfloadsetting Buffer Overflow Exploit Title: MiniFtp parseconfloadsetting local-bufferoverflow 318 bytes Google Dork: None Date: 11.04.2019 Exploit Author: strider Vendor Homepage: https://github.com/skyqinsc/MiniFtp Software Link: https://github.com/skyqinsc/MiniFtp Tested on:...
Lotus Domino 8.5.3 - EXAMINE Stack Buffer Overflow DEPASLR Bypass (NSAs EMPHASISMINE)
Lotus Domino 8.5.3 - EXAMINE Stack Buffer Overflow DEPASLR Bypass NSAs EMPHASISMINE Here is a working version of the NSA's EMPHASISMINE for IMAP Server Lotus Domino 8.5.3 FP0 DEP/ASLR bypass Replace breakpoints with msfvenom payload ALPHANUMERIC I love you Alison Thompson OAM @ThirdWaveORG Author...
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting
Prinect Archive System 2015 Release 2.6 - Cross-Site Scripting Details ================ Software: Prinect Archive System Version: v2015 Release 2.6 Homepage: https://www.heidelberg.com Advisory report: https://github.com/alt3kx/CVE-2019-10685 CVE:...
Easy Chat Server 3.1 - message Denial of Service (PoC)
Easy Chat Server 3.1 - message Denial of Service PoC !/usr/bin/python --------------------------------------------------------- Title: Easy Chat Server Version 3.1 - DOS Date: 2019-05-07 Author: Miguel Mendez Z Team: www.exploiting.cl Vendor: http://www.echatserver.com Software Link:...
Admin Express 1.2.5.485 - Folder Path Local SEH Alphanumeric Encoded Buffer Overflow
Admin Express 1.2.5.485 - Folder Path Local SEH Alphanumeric Encoded Buffer Overflow Title: Admin Express v1.2.5.485 'Folder Path' Local SEH Alphanumeric Encoded Buffer Overflow Date: May 6th, 2019 Author: Connor McGarr https://connormcgarr.github.io Vendor Homepage:...
microASP (Portal+) CMS - pagina.phtml?explode_tree SQL Injection
microASP Portal+ CMS - pagina.phtml?explodetree SQL Injection + Sql Injection on microASP Portal+ CMS + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: http://www.microasp.it/ + Contact: [email protected] + Tested on: Windows 7 and...
ReadyAPI 2.5.0 2.6.0 - Remote Code Execution
ReadyAPI 2.5.0 2.6.0 - Remote Code Execution https://twitter.com/gscamelo Vendor Homepage: https://smartbear.com/product/ready-api Software Link: https://smartbear.com/product/ready-api/overview/ Github: https://github.com/gscamelo/CVE-2018-20580 Version: 2.5.0 and 2.6.0 Tested on: Windows CVE :...
iOS 12.1.3 - cfprefsd Memory Corruption
iOS 12.1.3 - cfprefsd Memory Corruption // c 2019 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes // Intended only for educational and defensive purposes only. // Use at your own risk. include import include include include include include define AGENT 1 define FILLDICTCOUNT 0x60...
Xitami Web Server 2.5 - Remote Buffer Overflow (SEH + Egghunter)
Xitami Web Server 2.5 - Remote Buffer Overflow SEH + Egghunter Exploit Title: Xitami Web Server 2.5 Remote Buffer Overflow SEH + Egghunter Date: May 4, 2019 Author: ElSoufiane Version: 2.5b4 Tested on: Windows Vista Ultimate Build 6000 and Windows XP SP3 Professional Discovered by: Krystian...
NSClient++ 0.5.2.35 - Privilege Escalation
NSClient++ 0.5.2.35 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Exploit Title: NSClient++ 0.5.2.35 - Privilege Escalation Date: 05-05-19 Vulnerable Software: NSClient++ 0.5.2.35 Vendor Homepage: http://nsclient.org/ Version: 0.5.2.35 Software Link: http://nsclient.org/download/...
LG Supersign EZ CMS - Remote Code Execution (Metasploit)
LG Supersign EZ CMS - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs...
PHPads 2.0 - click.php3?bannerID SQL Injection
PHPads 2.0 - click.php3?bannerID SQL Injection + Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores + Date: 05/05/2019 + Risk: High + CWE Number : CWE-89 + Author: Felipe Andrian Peixoto + Vendor Homepage: https://blondish.net/ + Software Demo :...
Blue Angel Software Suite - Command Execution
Blue Angel Software Suite - Command Execution Exploit Title: Blue Angel Software Suite - Authenticated Command Execution Google Dork: N/A Date: 02/05/2019 Exploit Author: Paolo Serracino Vendor Homepage: http://www.5vtechnologies.com Software Link: N/A Version: All Tested on: Embedded Linux OS CV...
Windows PowerShell ISE - Remote Code Execution
Windows PowerShell ISE - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/WINDOWS-POWERSHELL-ISE-FILENAME-PARSING-FLAW-RCE-0DAY.txt + ISR: ApparitionSec + Zero Day Initiative Program Vendor...
Wordpress Plugin Social Warfare 3.5.3 - Remote Code Execution
Wordpress Plugin Social Warfare 3.5.3 - Remote Code Execution Title: RCE in Social Warfare Plugin Wordpress =3D3.5.2 Date: March, 2019 Researcher: Luka Sikic Exploit Author: hash3liZer Download Link: https://wordpress.org/plugins/social-warfare/ Reference:...
Instagram Auto Follow - Authentication Bypass
Instagram Auto Follow - Authentication Bypass Exploit Title: Instagram Auto Follow - Autobot Instagram - Authentication Bypass Date: 2019-05-01 Exploit Author: Veyselxan Vendor Homepage: https://codecanyon.net/item/instagram-auto-follow-autobot-instagram/23720743?srank=4 Tested on: Linux...
Zotonic 0.47.0 mod_admin - Cross-Site Scripting
Zotonic 0.47.0 modadmin - Cross-Site Scripting Exploit Title: Zotonic prompt‘XSS’ Affected source code file zotonicmodadmin: - zotonicmodadminidentity\priv\templates\adminsortheader.tpl - zotonicmodadminidentity\priv\templates\adminusers.tpl References...
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service
SolarWinds DameWare Mini Remote Control 10.0 - Denial of Service Vendor: Solarwinds Site Vendor: https://www.dameware.com/ Product: Dameware Mini Remote Control Version: 10.0 x64 Platform: Windows Tested on: Windows 7 SP1 x64 Description: The DWRCC executable file is affected by a buffer overflow...
Crestron AMBarco wePresent WiPGExtron ShareLinkTeq AV ITSHARP PN-L703WAOptoma WPS-ProBlackbox HD WPSInFocus LiteShow - Remote Command Injection
Crestron AMBarco wePresent WiPGExtron ShareLinkTeq AV ITSHARP PN-L703WAOptoma WPS-ProBlackbox HD WPSInFocus LiteShow - Remote Command Injection Exploit Title: Barco/AWIND OEM Presentation Platform Unauthenticated Remote Command Injection Date: 05/01/2019 Exploit Author: Jacob Baines Tested on:...
BoF-Challenge4
The last challenge: find the vulnerable function, disassemble the code and get code execution through a payload. include include include include char getpath char buffer64; unsigned int ret; printf"input path please: "; fflushstdout; getsbuffer; ret = builtinreturnaddress0; ifret & 0xb0000000 ==...
CrackMeJ1
This is a multi-staged crackme that implements several protections for antidebugging. Objective: Find the keys 3 to solve the crackme and make a keygen Hint: Run it on a VM :- / Crack Me by jSacco // This crack me uses antidebugging techniques such as: VM Detection , Traps and IsDebuggerPresent /...
EPChallenge
Yet another crack me! it implements several protections for antidebugging. Objective: Find the flag to solve the crackme. // Author jsacco include include define DEBUGBREAKa ifa if IsDebuggerPresent debugbreak HINSTANCE ghInst; const wchart lpClassName = L"WinApp"; define LOCALMAXBUFFER 2048 HWND...
BoF-Challenge2
On this simple stack-based buffer overflow you need to identify the vulnerable function and the buffer to overflow, then inject your payload and get a local shell. include include void func char buf100; getsbuf; printf"You entered: %s\n", buf; int mainint argc, char argv func; return 0;...
BoF-Challenge1
This is an easy challenge based on a Buffer Overflow, you have to reach the secretFunction in order to win. include include // Uncalled secret function // 00000000004005b6 void secretFunction printf"Congratulations!\n"; printf"You have entered in the secret function!\n"; return; // Vulnerable...
DragonCrack
DragonCrack a C++ Crackme with an RPGStyle story-line. You have to escape the dungeon and retrieve the key. There is a Dragon in the dungeon that fights back by casting spells upon you anti-debugging techniques there is a twist at the end and you will discover that the key was always you knew...
ROP2Win
This is the solution for the ROPEmporium rop2win challenge RET2Win Solution by jSacco Description: :P from struct import pack db-peda$ checksec CANARY : disabled FORTIFY : disabled NX : ENABLED PIE : disabled RELRO : Partial gdb-peda$ i functions ... 0x0804857b main 0x080485f6 pwnme 0x08048659...
BoF-Challenge3
A bit more difficult: on this simple stack-based buffer overflow you need to again identify the vulnerable function and the buffer to overflow, then inject your payload and get a local shell. include include include include void getpath char buffer64; unsigned int ret; printf"input path please: "...
ROPSplit
This is the solution for the ROPEmporium Split challenge Split Solution by jSacco Description: :P from struct import pack gef- got GOT protection: Partial RelRO | GOT functions: 7 ... 0x804a018 [email protected] → 0x8048436 ... gef strings ... 0x804a030: /bin/cat flag.txt ... gdb-peda$ ropgadget re...
CentOS Web Panel 0.9.8.793 (Free) v0.9.8.753 (Pro) 0.9.8.807 (Pro) - Domain Field (Add DNS Zone) Cross-Site Scripting
CentOS Web Panel 0.9.8.793 Free v0.9.8.753 Pro 0.9.8.807 Pro - Domain Field Add DNS Zone Cross-Site Scripting Exploit Title: CentOS Web Panel - Domain Field Add DNS Zone Cross-Site Scripting Vulnerability Google Dork: N/A Date: 22 - April - 2019 Exploit Author: DKM Vendor Homepage:...
Moodle 3.6.3 - Install Plugin Remote Command Execution (Metasploit)
Moodle 3.6.3 - Install Plugin Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Moodle 3.6.3 - 'Install Plugin' Remote Command Execution", 'Description' = %q...
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery
Intelbras IWR 3000N 1.5.0 - Cross-Site Request Forgery IWR 3000N - CSRF on authenticated administrator Exploit! Click the button to get the login and password. function exploit $.get "http://localhost:80/v1/system/user" .done data = alert data ; .failfunction err, status alert status ; ;...
SpotAuditor 5.2.6 - Name Denial of Service (PoC)
SpotAuditor 5.2.6 - Name Denial of Service PoC Exploit Title: SpotAuditor 5.2.6 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-27 Vendor Homepage: www.nsauditor.com Software Link: http://spotauditor.nsauditor.com/downloads/spotauditorsetup.exe Tested Version...
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Title: Joomla! Component JiFile 2.3.1 - Arbitrary File Download Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 28, 2019 Vendor Homepage: http://www.isapp.it Software Link :...
Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution
Oracle Weblogic 10.3.6.0.0 12.1.3.0.0 - Remote Code Execution !/usr/bin/python Exploit Title: Oracle Weblogic Exploit CVE-2019-2725 Date: 30/04/2019 Exploit Author: Avinash Kumar Thapa Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Software Link:...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-Site Scripting Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Stored XSS Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Software Link:...
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery
Veeam ONE Reporter 9.5.0.3201 - Multiple Cross-Site Request Forgery Exploit Title: Veeam ONE Reporter - Cross-Site Request Forgery All Actions/Methods Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com/ Softwa...
Hyvikk Fleet Manager - Shell Upload
Hyvikk Fleet Manager - Shell Upload ======================================================================================== | Fleet Manager hyvikk Shell Upload Date: 29-04-2019 Title : Fleet Manager by hyvikk All versions | Author : saxgy1331 - Kaieteur-Falls-1331 | Vendor Homepage:...
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification
Linux - Missing Locking Between ELF coredump code and userfaultfd VMA Modification elfcoredump has a comment back from something like 2.5.43-C3 that says: / We no longer stop all VM operations. This is because those proceses that could possibly change mapcount or the mmap / vma pages are now...
Netgear DGN2200 DGND3700 - Admin Password Disclosure
Netgear DGN2200 DGND3700 - Admin Password Disclosure /bin/bash PoC based on CVE-2016-5649 created by Social Engineering Neo. Long Method: https://www.youtube.com/watch?v=f3awG0XPKAs https://www.shodan.io/search?query=DGN2200 = 2,325 possible vulnerable devices...
Freefloat FTP Server 1.0 - SIZE Remote Buffer Overflow
Freefloat FTP Server 1.0 - SIZE Remote Buffer Overflow Exploit Title: Free Float FTP 1.0 "SIZE" Remote Buffer Overflow Google Dork: N/A Date: 4/26/2019 Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free...
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting (AddEdit Widget)
Veeam ONE Reporter 9.5.0.3201 - Persistent Cross-site Scripting AddEdit Widget Exploit Title: Veeam ONE Reporter - Stored Cross-site Scripting Add/Edit Widget Exploit Author: Seyed Sadegh Khatami Website: https://www.cert.ir Date: 2019-04-27 Google Dork: N/A Vendor Homepage: https://www.veeam.com...
DeviceViewer 3.12.0.1 - user SEH Overflow
DeviceViewer 3.12.0.1 - user SEH Overflow Exploit Title: DeviceViewer v3.12.0.1 username field SEH overflow PoC Discovery Date: 25/04/2019 Exploit Author: Hayden Wright Vendor Homepage: www.sricam.com/ Software Link: http://download.sricam.com/Manual/DeviceViewer.exe Version: v3.12.0.1 Tested on:...