41207 matches found
PCHelpWare V2 1.0.0.5 - Group Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - Group Denial of Service PoC -- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'Group' Denial of Service PoC Date: 15/04/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi...
Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting
Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG4...
AdminExpress 1.2.5 - Folder Path Denial of Service (PoC)
AdminExpress 1.2.5 - Folder Path Denial of Service PoC -- coding: utf-8 -- !/usr/bin/python Exploit Title: AdminExpress 1.2.5 - Denial of Service PoC Date: 2019-04-12 Exploit Author: Mücahit İsmail Aktaş Software Link: https://admin-express.en.softonic.com/ Version: 1.2.5.485 Tested on: Windows X...
Zoho ManageEngine ADManager Plus 6.6 (Build 6659) - Privilege Escalation
Zoho ManageEngine ADManager Plus 6.6 Build 6659 - Privilege Escalation Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on:...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cache Manager Poisoning Privilege Escalation Windows: LUAFV Delayed Virtualization Cache Manager Poisoning EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteri...
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation
Microsoft Windows 10 1809 - LUAFV Delayed Virtualization Cross Process Handle Duplication Privilege Escalation Windows: LUAFV Delayed Virtualization Cross Process Handle Duplication EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Securi...
MailCarrier 2.51 - POP3 TOP SEH Buffer Overflow
MailCarrier 2.51 - POP3 TOP SEH Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "TOP" command (POP3) Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact:...
CuteNews 2.1.2 - avatar Remote Code Execution (Metasploit)
CuteNews 2.1.2 - avatar Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploit...
MailCarrier 2.51 - POP3 USER Buffer Overflow
MailCarrier 2.51 - POP3 USER Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "USER" command (POP3) Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact:...
MailCarrier 2.51 - POP3 LIST SEH Buffer Overflow
MailCarrier 2.51 - POP3 LIST SEH Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "LIST" command (POP3) Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact...
UltraVNC Viewer 1.2.2.4 - VNC Server Denial of Service (PoC)
UltraVNC Viewer 1.2.2.4 - VNC Server Denial of Service PoC Exploit Title: UltraVNC Viewer 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link:...
MailCarrier 2.51 - RCPT TO Buffer Overflow
MailCarrier 2.51 - RCPT TO Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 'RCPT TO' - Buffer Overflow Remote Date: 12/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact:...
RemoteMouse 3.008 - Arbitrary Remote Command Execution
RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authentication and will...
UltraVNC Launcher 1.2.2.4 - Path Denial of Service (PoC)
UltraVNC Launcher 1.2.2.4 - Path Denial of Service PoC Exploit Title: UltraVNC Launcher 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link:...
DirectAdmin 1.561 - Multiple Vulnerabilities
DirectAdmin 1.561 - Multiple Vulnerabilities Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && infinitumit.com.tr...
Microsoft Internet Explorer 11 - XML External Entity Injection
Microsoft Internet Explorer 11 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor...
ATutor 2.2.4 - file_manager Remote Code Execution (Metasploit)
ATutor 2.2.4 - filemanager Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass Exploit Title: CyberArk Endpoint bypass Google Dork: - Date: 03/06/2018 Exploit Author: Alpcan Onaran, Mustafa Kemal Can Vendor Homepage: https://www.cyberark.com Software Link: - Version: 10.2.1.603 Tested on: Windows 10 CVE : CVE-2018-14894...
FTPShell Server 6.83 - Account name to ban Local Buffer
FTPShell Server 6.83 - Account name to ban Local Buffer !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Account name to ban' Buffer Overflow Date: 09-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-5...
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
Dell KACE Systems Management Appliance K1000 6.4.120756 - Unauthenticated Remote Code Execution !/usr/bin/python Exploit Title: Dell KACE Systems Management Appliance K1000 = 6.4.120756 Unauthenticated RCE Version: = 6.4.120756 Date: 2019-04-09 Author: Julien Ahrens @MrTuxracer Software Link:...
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Virtual Path Mapping' Buffer Overflow Date: 09-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
Microsoft Windows - AppX Deployment Service Privilege Escalation
Microsoft Windows - AppX Deployment Service Privilege Escalation This vulnerability allows low privileged users to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privilege...
TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow
TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow Author Grzegorz Wypych - h0rac TP-LINK TL-WR940N/TL-WR941ND buffer overflow remote shell exploit import requests import md5 import base64 import string import struct import socket password = md5.new'admin'.hexdigest cookie =...
Ashop Shopping Cart Software - bannedcustomers.php?blacklistitemid SQL Injection
Ashop Shopping Cart Software - bannedcustomers.php?blacklistitemid SQL Injection Exploit Title: Ashop Shopping Cart Software - SQL Injection Date: 08.04.2019 Exploit Author: Doğukan Karaciğer Vendor Homepage: http://www.ashopsoftware.com Software Link: https://sourceforge.net/projects/ashop/ Demo...
Apache Axis 1.4 - Remote Code Execution
Apache Axis 1.4 - Remote Code Execution Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis...
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass !/usr/bin/env node const request = require"request" / Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link:...
Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation
Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation ?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP serv...
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Date: 14/06/2017 Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link:...
Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow
Download Accelerator Plus DAP 10.0.6.0 - SEH Buffer Overflow !/usr/bin/python Exploit Title: Download Accelerator Plus DAP 10.0.6.0 - SEH Buffer Overflow Date: 2019-04-05 Vendor Homepage: http://www.speedbit.com/dap/ Software Link: http://www.speedbit.com/dap/download/downloading.asp Exploit...
FlexHEX 2.71 - SEH Buffer Overflow (Unicode)
FlexHEX 2.71 - SEH Buffer Overflow Unicode !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: FlexHEX 2.71 - Local Buffer Overflow SEH Unicode Date: 06-04-2019 Vulnerable Software: FlexHEX 2.71 Vendor Homepage: http://www.flexhex.com Version: 2.71 Software Link:...
Tradebox CryptoCurrency - symbol SQL Injection
Tradebox CryptoCurrency - symbol SQL Injection Title: Tradebox - CryptoCurrency Buy Sell and Trading Date: 04.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.bdtask.com Software Link: tradebox.bdtask.com/demo-v5.3/ Version: 5.4 Category: Webapps Tested on: WAMPP @Win Software...
Jobgator - experience SQL Injection
Jobgator - experience SQL Injection Exploit Title: NCrypted Jobgator - SQL Injection Date: 05.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.ncrypted.net/jobgator/ Demo Site: https://demo.ncryptedprojects.com/jobgator/ Version: Latest Tested on: Kali Linux CVE: N/A -----...
River Past Cam Do 3.7.6 - Activation Code Local Buffer Overflow
River Past Cam Do 3.7.6 - Activation Code Local Buffer Overflow !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code Date: 07-04-2019 Vulnerable Software: River Past Cam Do 3.7.6 Vendor Homepage: http://www.flexhex.com Versio...
SaLICru -SLC-20-cube3(5) - HTML Injection
SaLICru -SLC-20-cube35 - HTML Injection Exploit Title: Reflected HTML Injection Google Dork: None Date: 16/12/2015 Exploit Author: Ramikan Vendor Homepage: https://www.salicru.com/en/ Software Link: N/A Version: Tested on SaLICru -SLC-20-cube35. Firmware: cs121-SNMP v4.54.82.130611 CVE :...
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
ManageEngine ServiceDesk Plus 9.3 - User Enumeration Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Date: 2019-03-29 Exploit Author: Operat0r Vendor Homepage: https://www.manageengine.com/ Software Link:...
QNAP Netatalk 3.1.12 - Authentication Bypass
QNAP Netatalk 3.1.12 - Authentication Bypass Exploit Title: QNAP Netatalk Authentication Bypass Date: 12/20/2018 Original Exploit Author: Jacob Baines Modifications for QNAP devices: Mati Aharoni Vendor Homepage: http://netatalk.sourceforge.net/ Software Link:...
CentOS Web Panel 0.9.8.793 (Free) 0.9.8.753 (Pro) - Cross-Site Scripting
CentOS Web Panel 0.9.8.793 Free 0.9.8.753 Pro - Cross-Site Scripting Exploit Title: CentOS Web Panel v0.9.8.793 Free and v0.9.8.753 Pro - Email Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 06 - April - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com...
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
AllPlayer 7.4 - SEH Buffer Overflow Unicode !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: AllPlayer V7.4 - Local Buffer Overflow SEH Unicode Date: 07-04-2019 Vulnerable Software: AllPlayer V7.4 Vendor Homepage: https://www.allplayer.org/ Version: 7.4 Software Link:...
Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution
Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution history.pushState'', '', '/' function exploit var target = "http://127.0.0.1" var boltadminurl = target + "/bolt"; var xhr = new XMLHttpRequest; xhr.open"POST", boltadminurl + "/upload", true; xhr.setRequestHeader"Accept",...
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...
AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow
AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow Date: 2019-04-02 Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...
Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation
Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation !/usr/bin/python Exploit Title: Manage Engine ServiceDesk Plus Version 10.0 Privilege Escalation Date: 30-03-2019 Exploit Author: Ata Hakçıl, Melih Kaan Yıldız Vendor: ManageEngine Vendor Homepage: www.manageengine.com Product: Service De...
FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)
FreeSMS 2.1.2 - SQL Injection Authentication Bypass Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Date: 2019-04-03 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps...
Magic ISO Maker 5.5(build 281) - Serial Code Denial of Service (PoC)
Magic ISO Maker 5.5build 281 - Serial Code Denial of Service PoC -- coding: utf-8 -- Exploit Title: Magic Iso Maker 5.5build 281 - "Serial Code" Denial of Service PoC Date: 03/04/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.magiciso.com Software Link:...
AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow (SEH)
AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow SEH !/usr/bin/python Exploit Title: AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow SEH Date: 04-04-2019 Exploit Author: Anurag Srivastava and Vardan Bansal Website: www.theanuragsrivastava.in Vulnerable Software:...
TeemIp IPAM 2.4.0 - new_config Command Injection (Metasploit)
TeemIp IPAM 2.4.0 - newconfig Command Injection Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TeemIp IPAM %q This module exploits a command injection vulnerability in TeemIp versio...
AIDA64 Business 5.99.4900 - SEH Buffer Overflow (EggHunter)
AIDA64 Business 5.99.4900 - SEH Buffer Overflow EggHunter !/usr/bin/python Exploit Title: AIDA64 Business 5.99.4900 - SEH Buffer Overflow EggHunter Date: 2019-04-01 Vendor Homepage: https://www.aida64.com Software Link: https://www.aida64.com/downloads Mirror Link :...
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)
SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types Type Confusion A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites In...
PhreeBooks ERP 5.2.3 - Remote Command Execution
PhreeBooks ERP 5.2.3 - Remote Command Execution Exploit Title: PhreeBooks ERP 5.2.3 - Remote Command Execution Date: 2010-04-03 Exploit Author: Metin Yunus Kandemir kandemir Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/ Version: v5.2.3...