Zoho ManageEngine ADManager Plus 6.6 (Build 6659) - Privilege Escalation
Zoho ManageEngine ADManager Plus 6.6 Build 6659 - Privilege Escalation Exploit Title: Zoho ManageEngine ADManager Plus 6.6 Build 6659 Privilege Escalation Date: 15th April 2019 Exploit Author: Digital Interruption Vendor Homepage: https://www.manageengine.co.uk/ Version: 6.6 Build 6658 Tested on:...
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTION_OBJECT_POINTERS Race Condition Privilege Escalation
Microsoft Windows 10 1809 - LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition Privilege Escalation Windows: LUAFV PostLuafvPostReadWrite SECTIONOBJECTPOINTERS Race Condition EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Window...
Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting
Zyxel ZyWall 310 ZyWall 110 USG1900 ATP500 USG40 - Login Page Cross-Site Scripting Exploit Title: Reflected XSS on Zyxel login pages Date: 10 Apr 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://www.zyxel.com/us/en/ Version: V4.31 Tested on: ZyWall 310, ZyWall 110, USG1900, ATP500, USG4...
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation
Microsoft Windows 10 1809 - LUAFV LuafvCopyShortName Arbitrary Short Name Privilege Escalation Windows: LUAFV LuafvCopyShortName Arbitrary Short Name EoP Platform: Windows 10 1809 not tested earlier Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User bounda...
PCHelpWare V2 1.0.0.5 - Group Denial of Service (PoC)
PCHelpWare V2 1.0.0.5 - Group Denial of Service PoC -- coding: utf-8 -- Exploit Title: PCHelpWareV2 1.0.0.5 - 'Group' Denial of Service PoC Date: 15/04/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.uvnc.com/home.html Software Link: http://www.uvnc.eu/download/pchw2/PCHelpWareV2.msi...
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal Authenticated Arbitrary File Deletion
Joomla Core 1.5.0 - 3.9.4 - Directory Traversal Authenticated Arbitrary File Deletion Exploit Title: Joomla Core 1.5.0 through 3.9.4 - Directory Traversal && Authenticated Arbitrary File Deletion Date: 2019-March-13 Exploit Author: Haboob Team Web Site: haboob.sa Email: [email protected] Softwar...
CuteNews 2.1.2 - avatar Remote Code Execution (Metasploit)
CuteNews 2.1.2 - avatar Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "CuteNews 2.1.2 - 'avatar' Remote Code Execution", 'Description' = %q This module exploit...
DirectAdmin 1.561 - Multiple Vulnerabilities
DirectAdmin 1.561 - Multiple Vulnerabilities Title: DirectAdmin Multiple Vulnerabilities to Takeover the Server = v1.561 Date: 12.04.2019 Author: InfinitumIT Vendor Homepage: https://www.directadmin.com/ Version: Up to v1.561. CVE: CVE-2019-11193 [email protected] && infinitumit.com.tr...
MailCarrier 2.51 - POP3 LIST SEH Buffer Overflow
MailCarrier 2.51 - POP3 LIST SEH Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "LIST" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact...
MailCarrier 2.51 - POP3 USER Buffer Overflow
MailCarrier 2.51 - POP3 USER Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - Remote Buffer Overflow in "USER" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact:...
MailCarrier 2.51 - RCPT TO Buffer Overflow
MailCarrier 2.51 - RCPT TO Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 'RCPT TO' - Buffer Overflow Remote Date: 12/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact:...
UltraVNC Viewer 1.2.2.4 - VNC Server Denial of Service (PoC)
UltraVNC Viewer 1.2.2.4 - VNC Server Denial of Service PoC Exploit Title: UltraVNC Viewer 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link:...
UltraVNC Launcher 1.2.2.4 - Path Denial of Service (PoC)
UltraVNC Launcher 1.2.2.4 - Path Denial of Service PoC Exploit Title: UltraVNC Launcher 1.2.2.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-04-14 Vendor Homepage: https://www.uvnc.com/ Software Link:...
MailCarrier 2.51 - POP3 TOP SEH Buffer Overflow
MailCarrier 2.51 - POP3 TOP SEH Buffer Overflow !/usr/bin/python Exploit Title: MailCarrier 2.51 - SEH Remote Buffer Overflow in "TOP" commandPOP3 Date: 14/04/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.tabslab.com/ Version: 2.51 Software Link: N.A Contact:...
RemoteMouse 3.008 - Arbitrary Remote Command Execution
RemoteMouse 3.008 - Arbitrary Remote Command Execution Exploit Title: Remote Mouse 3.008 - Failure to Authenticate Date: 2019-09-04 Exploit Author: 0rphon Software Link: https://www.remotemouse.net/ Version: 3.008 Tested on: Windows 10 Remote Mouse 3.008 fails to check for authentication and will...
ATutor 2.2.4 - file_manager Remote Code Execution (Metasploit)
ATutor 2.2.4 - filemanager Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "ATutor %q This module allows the user to run commands on the server with teacher user...
Microsoft Internet Explorer 11 - XML External Entity Injection
Microsoft Internet Explorer 11 - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt + ISR: ApparitionSec Vendor...
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass
CyberArk EPM 10.2.1.603 - Security Restrictions Bypass Exploit Title: CyberArk Endpoint bypass Google Dork: - Date: 03/06/2018 Exploit Author: Alpcan Onaran, Mustafa Kemal Can Vendor Homepage: https://www.cyberark.com Software Link: - Version: 10.2.1.603 Tested on: Windows 10 CVE : CVE-2018-14894...
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting Exploit Title: Multiple Stored and Reflected XSS vulnerabilities in D-Link DI-524 Date: April 6, 2019 Exploit Author: Semen Alexandrovich Lyhin https://www.linkedin.com/in/semenlyhin/ Vendor Homepage: https://www.dlink.com Version: D-Link DI-5...
FTPShell Server 6.83 - Account name to ban Local Buffer
FTPShell Server 6.83 - Account name to ban Local Buffer !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Account name to ban' Buffer Overflow Date: 09-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer
FTPShell Server 6.83 - Virtual Path Mapping Local Buffer !/usr/bin/python Exploit Title: FTP Shell Server 6.83 'Virtual Path Mapping' Buffer Overflow Date: 09-04-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.ftpshell.com/index.htm Version: 6.83 Software Link :...
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
Dell KACE Systems Management Appliance K1000 6.4.120756 - Unauthenticated Remote Code Execution !/usr/bin/python Exploit Title: Dell KACE Systems Management Appliance K1000 = 6.4.120756 Unauthenticated RCE Version: = 6.4.120756 Date: 2019-04-09 Author: Julien Ahrens @MrTuxracer Software Link:...
Microsoft Windows - AppX Deployment Service Privilege Escalation
Microsoft Windows - AppX Deployment Service Privilege Escalation This vulnerability allows low privileged users to hijack files that are owned by NT AUTHORITY\SYSTEM by overwriting permissions on the targeted file. Successful exploitation results in "Full Control" permissions for the low privilege...
Ashop Shopping Cart Software - bannedcustomers.php?blacklistitemid SQL Injection
Ashop Shopping Cart Software - bannedcustomers.php?blacklistitemid SQL Injection Exploit Title: Ashop Shopping Cart Software - SQL Injection Date: 08.04.2019 Exploit Author: Doğukan Karaciğer Vendor Homepage: http://www.ashopsoftware.com Software Link: https://sourceforge.net/projects/ashop/ Demo...
Apache Axis 1.4 - Remote Code Execution
Apache Axis 1.4 - Remote Code Execution +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Apache Axis 1.4 Remote Code Execution CVE-2019-0227 https://rhinosecuritylabs.com/Application-Security/CVE-2019-0227-Expired-Domain-to-RCE-in-Apache-Axis...
TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow
TP-LINK TL-WR940N TL-WR941ND - Buffer Overflow Author Grzegorz Wypych - h0rac TP-LINK TL-WR940N/TL-WR941ND buffer overflow remote shell exploit import requests import md5 import base64 import string import struct import socket password = md5.new'admin'.hexdigest cookie =...
FlexHEX 2.71 - SEH Buffer Overflow (Unicode)
FlexHEX 2.71 - SEH Buffer Overflow Unicode !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: FlexHEX 2.71 - Local Buffer Overflow SEH Unicode Date: 06-04-2019 Vulnerable Software: FlexHEX 2.71 Vendor Homepage: http://www.flexhex.com Version: 2.71 Software Link:...
River Past Cam Do 3.7.6 - Activation Code Local Buffer Overflow
River Past Cam Do 3.7.6 - Activation Code Local Buffer Overflow !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: River Past Cam Do 3.7.6 Local Buffer Overflow in Activation Code Date: 07-04-2019 Vulnerable Software: River Past Cam Do 3.7.6 Vendor Homepage: http://www.flexhex.com Versio...
Tradebox CryptoCurrency - symbol SQL Injection
Tradebox CryptoCurrency - symbol SQL Injection Title: Tradebox - CryptoCurrency Buy Sell and Trading Date: 04.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.bdtask.com Software Link: tradebox.bdtask.com/demo-v5.3/ Version: 5.4 Category: Webapps Tested on: WAMPP @Win Software...
CentOS Web Panel 0.9.8.793 (Free) 0.9.8.753 (Pro) - Cross-Site Scripting
CentOS Web Panel 0.9.8.793 Free 0.9.8.753 Pro - Cross-Site Scripting Exploit Title: CentOS Web Panel v0.9.8.793 Free and v0.9.8.753 Pro - Email Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 06 - April - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com...
Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution
Bolt CMS 3.6.6 - Cross-Site Request Forgery Remote Code Execution history.pushState'', '', '/' function exploit var target = "http://127.0.0.1" var boltadminurl = target + "/bolt"; var xhr = new XMLHttpRequest; xhr.open"POST", boltadminurl + "/upload", true; xhr.setRequestHeader"Accept",...
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities
ShoreTel Connect ONSITE 19.49.1500.0 - Multiple Vulnerabilities Exploit Title: Shoretel Connect Multiple Vulnerability Google Dork: inurl:/signin.php?ret= Date: 14/06/2017 Author: Ramikan Vendor Homepage: https://www.shoretel.com/ Software Link:...
Jobgator - experience SQL Injection
Jobgator - experience SQL Injection Exploit Title: NCrypted Jobgator - SQL Injection Date: 05.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.ncrypted.net/jobgator/ Demo Site: https://demo.ncryptedprojects.com/jobgator/ Version: Latest Tested on: Kali Linux CVE: N/A -----...
SaLICru -SLC-20-cube3(5) - HTML Injection
SaLICru -SLC-20-cube35 - HTML Injection Exploit Title: Reflected HTML Injection Google Dork: None Date: 16/12/2015 Exploit Author: Ramikan Vendor Homepage:https://www.salicru.com/en/ Software Link: N/A Version: Tested on SaLICru -SLC-20-cube35. Firmware: cs121-SNMP v4.54.82.130611 CVE :...
ManageEngine ServiceDesk Plus 9.3 - User Enumeration
ManageEngine ServiceDesk Plus 9.3 - User Enumeration Exploit Title: ManageEngine ServiceDesk Plus - 9.3 User enumeration vulnerability Date: 2019-03-29 Exploit Author: Operat0r Vendor Homepage: https://www.manageengine.com/ Software Link:...
AllPlayer 7.4 - SEH Buffer Overflow (Unicode)
AllPlayer 7.4 - SEH Buffer Overflow Unicode !/usr/bin/python -w Exploit Author: Chris Au Exploit Title: AllPlayer V7.4 - Local Buffer Overflow SEH Unicode Date: 07-04-2019 Vulnerable Software: AllPlayer V7.4 Vendor Homepage: https://www.allplayer.org/ Version: 7.4 Software Link:...
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass
WordPress Plugin Limit Login Attempts Reloaded 2.7.4 - Login Limit Bypass !/usr/bin/env node const request = require"request" / Exploit Title: Limit Login Attempts Reloaded by WPChef rate limiter bypass Date: 2019-04-08 Exploit Author: isdampe Software Link:...
QNAP Netatalk 3.1.12 - Authentication Bypass
QNAP Netatalk 3.1.12 - Authentication Bypass Exploit Title: QNAP Netatalk Authentication Bypass Date: 12/20/2018 Original Exploit Author: Jacob Baines Modifications for QNAP devices: Mati Aharoni Vendor Homepage: http://netatalk.sourceforge.net/ Software Link:...
Download Accelerator Plus (DAP) 10.0.6.0 - SEH Buffer Overflow
Download Accelerator Plus DAP 10.0.6.0 - SEH Buffer Overflow !/usr/bin/python Exploit Title: Download Accelerator Plus DAP 10.0.6.0 - SEH Buffer Overflow Date: 2019-04-05 Vendor Homepage: http://www.speedbit.com/dap/ Software Link: http://www.speedbit.com/dap/download/downloading.asp Exploit...
Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation
Apache 2.4.17 2.4.38 - apache2ctl graceful logrotate Local Privilege Escalation ?php CARPE DIEM: CVE-2019-0211 Apache Root Privilege Escalation Charles Fol @cfreal 2019-04-08 INFOS https://cfreal.github.io/carpe-diem-cve-2019-0211-apache-local-root.html USAGE 1. Upload exploit to Apache HTTP serv...
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...
Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation
Manage Engine ServiceDesk Plus 10.0 - Privilege Escalation !/usr/bin/python Exploit Title: Manage Engine ServiceDesk Plus Version 10.0 Privilege Escalation Date: 30-03-2019 Exploit Author: Ata Hakçıl, Melih Kaan Yıldız Vendor: ManageEngine Vendor Homepage: www.manageengine.com Product: Service De...
AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow
AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - Logging SEH Buffer Overflow Date: 2019-04-02 Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror Link :...
AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow (SEH)
AIDA64 Engineer 5.99.4900 - Load from file Field Buffer Overflow SEH !/usr/bin/python Exploit Title: AIDA64 Engineer 5.99.4900 - 'Load from file' Field Buffer Overflow SEH Date: 04-04-2019 Exploit Author: Anurag Srivastava and Vardan Bansal Website: www.theanuragsrivastava.in Vulnerable Software:...
FreeSMS 2.1.2 - SQL Injection (Authentication Bypass)
FreeSMS 2.1.2 - SQL Injection Authentication Bypass Exploit Title: FreeSMS 2.1.2 - Authentication Bypass Date: 2019-04-03 Exploit Author: Yilmaz Degirmenci Vendor Homepage: https://freesms.sourceforge.io/ Software Link: https://sourceforge.net/projects/freesms/ Version: v2.1.2 Category: Webapps...
Magic ISO Maker 5.5(build 281) - Serial Code Denial of Service (PoC)
Magic ISO Maker 5.5build 281 - Serial Code Denial of Service PoC -- coding: utf-8 -- Exploit Title: Magic Iso Maker 5.5build 281 - "Serial Code" Denial of Service PoC Date: 03/04/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.magiciso.com Software Link:...
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check / While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release...
Google Chrome 73.0.3683.39 Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion
Google Chrome 73.0.3683.39 Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion binding // These values are only used when serialization is enabled. if !RuntimeEnabledFeatures::TransferableStreamsEnabled return; v8::Local global = scriptstate-GetContext-Global; v8::Local...
TeemIp IPAM 2.4.0 - new_config Command Injection (Metasploit)
TeemIp IPAM 2.4.0 - newconfig Command Injection Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "TeemIp IPAM %q This module exploits a command injection vulnerability in TeemIp versio...
Clinic Pro v4 - month SQL Injection
Clinic Pro v4 - month SQL Injection Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: I...