41207 matches found
iScripts ReserveLogic - SQL Injection
iScripts ReserveLogic - SQL Injection Exploit Title: iScripts ReserveLogic - SQL Injection Date: 29.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.iscripts.com/reservelogic/ Demo Site: https://www.demo.iscripts.com/reservelogic/demo/ Version: Latest Tested on: Kali Linux...
Clinic Pro v4 - month SQL Injection
Clinic Pro v4 - month SQL Injection Title: Clinic Pro - Clinic Management Software Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://softwebinternational.com Software Link: https://cms.softwebinternational.com Category: Webapps Tested on: WAMPP @Win Software description: I...
WebKitGTK+ - ThreadedCompositor Race Condition
WebKitGTK+ - ThreadedCompositor Race Condition @keyframes foo 0% opacity: 0; 100% opacity: 1; div animation-name: foo; animation-duration: 1s; animation-iteration-count: infinite; filter: saturate50%; frame = document.createElement"iframe"; setInterval = frame.remove;...
Google Chrome 72.0.3626.96 74.0.3702.0 - JSPromise::TriggerPromiseReactions Type Confusion
Google Chrome 72.0.3626.96 74.0.3702.0 - JSPromise::TriggerPromiseReactions Type Confusion JSPromise::TriggerPromiseReactionsIsolate isolate, Handle reactions, Handle argument, PromiseReaction::Type type DCHECKreactions-IsSmi || reactions-IsPromiseReaction; // We need to reverse the reactions her...
iOS 12.2 macOS 10.14.4 XNU - pidversion Increment During execve is Unsafe
iOS 12.2 macOS 10.14.4 XNU - pidversion Increment During execve is Unsafe Privileged IPC services in userspace often have to verify the security context of their client processes such as whether the client is sandboxed, has a specific entitlement, or is signed by some code signing authority. This...
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check
WebKit JavaScriptCore - Out-Of-Bounds Access in FTL JIT due to LICM Moving Array Access Before the Bounds Check / While fuzzing JavaScriptCore, I encountered the following JavaScript program which crashes jsc in current HEAD and release...
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free
WebKit JavaScriptCore - CodeBlock Dangling Watchpoints Use-After-Free / While fuzzing JavaScriptCore, I encountered the following simplified and commented JavaScript program which crashes jsc from current HEAD and release: / function v9 // Some watchpoint on the LexicalEnvironment is triggered he...
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the TrustedTypePolicyOptions dictionary:...
Ashop Shopping Cart Software - SQL Injection
Ashop Shopping Cart Software - SQL Injection Exploit Title: Ashop Shopping Cart Software - SQL Injection Date: 03.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.ashopsoftware.com Software Link: https://sourceforge.net/projects/ashop/ Demo Site: http://demo.ashopsoftware.com...
WebKit JavaScriptCore - createRegExpMatchesArray Type Confusion
WebKit JavaScriptCore - createRegExpMatchesArray Type Confusion / Prerequisites ------------- In JavaScriptCore, JSObjects have an associated Structure: an object describing various aspects of the JSObject such as its type, its properties, and the type of elements being stored e.g. unboxed double...
PhreeBooks ERP 5.2.3 - Arbitrary File Upload
PhreeBooks ERP 5.2.3 - Arbitrary File Upload PhreeBooks ERP v5.2.3 - Arbitrary File Upload Date: 03.04.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://www.phreesoft.com/ Software Link: https://sourceforge.net/projects/phreebooks/files/latest/download Category: Webapps Version: 5.2.3...
Google Chrome 73.0.3683.39 Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion
Google Chrome 73.0.3683.39 Chromium 74.0.3712.0 - ReadableStream Internal Object Leak Type Confusion binding // These values are only used when serialization is enabled. if !RuntimeEnabledFeatures::TransferableStreamsEnabled return; v8::Local global = scriptstate-GetContext-Global; v8::Local...
Inout RealEstate - city SQL Injection
Inout RealEstate - city SQL Injection Exploit Title: Inout RealEstate - SQL Injection Date: 29.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.inoutscripts.com/products/inout-realestate/ Demo Site: http://inout-realestate.demo.inoutscripts.net/ Version: Latest Tested on:...
AIDA64 Extreme Engineer Network Audit 5.99.4900 - SEH Buffer Overflow (EggHunter)
AIDA64 Extreme Engineer Network Audit 5.99.4900 - SEH Buffer Overflow EggHunter !/usr/bin/python Exploit Title: AIDA64 Extreme 5.99.4900 - SEH Buffer Overflow EggHunter Date: 2019-04-01 Vendor Homepage: https://www.aida64.com Software Link: http://download.aida64.com/aida64extreme599.exe Mirror...
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery Exploit Title: JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings aka a SetWiFiSetting request to cgi-bin/qcmapwebcgi Exploit Author: Vikas Chaudhary Date: 21-01-2019 Vendor Homepage:...
phpFileManager 1.7.8 - Local File Inclusion
phpFileManager 1.7.8 - Local File Inclusion Exploit Title: phpFileManager 1.7.8 - Local File Inclusion Date: 01.04.2019 Exploit Author: Murat Kalafatoglu Vendor Homepage: https://sourceforge.net/projects/phpfm/ Software Demo: https://phpfm-demo.000webhostapp.com/ Version: v1.7.8 Category: Webapps...
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering
WordPress Plugin PayPal Checkout Payment Gateway 1.6.8 - Parameter Tampering Exploit Title: cgi-bin/webscr?cmd=cart in the WooCommerce PayPal Checkout Payment Gateway plugin 1.6.8 for WordPress allows Parameter Tampering in an amount parameter such as amount1, as demonstrated by purchasing an ite...
LimeSurvey 3.16 - Remote Code Execution
LimeSurvey 3.16 - Remote Code Execution !/usr/bin/python Description: LimeSurvey shell.php" -p phar -o /tmp/exploit.jpg PHAR = "\x3c\x3f\x70\x68\x70\x20\x5f\x5f\x48\x41\x4c\x54\x5f\x43\x4f\x4d\x50\x49\x4c\x45\x52\x28\x29\x3b\x20\x3f\x3e\x0d\x0a\x38"...
Inout EasyRooms - SQL Injection
Inout EasyRooms - SQL Injection Exploit Title: Inout EasyRooms Ultimate Edition - SQL Injection Date: 29.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.inoutscripts.com/products/inout-easyrooms/ Demo Site: http://inout-easyrooms.demo.inoutscripts.net/ Version: v1.0 Tested...
Fiverr Clone Script 1.2.2 - SQL Injection Cross-Site Scripting
Fiverr Clone Script 1.2.2 - SQL Injection Cross-Site Scripting Exploit Title: Fiverr Clone Script 1.2.2 - SQL Injection / Cross Site Scripting Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: Apr 1, 2019 Vendor Homepage: https://www.phpscriptsmall.com Software...
CMS Made Simple 2.2.10 - SQL Injection
CMS Made Simple 2.2.10 - SQL Injection !/usr/bin/env python Exploit Title: Unauthenticated SQL Injection on CMS Made Simple = 2.2.9 Date: 30-03-2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org/ Software Link:...
CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting
CentOS Web Panel 0.9.8.789 - NameServer Field Persistent Cross-Site Scripting Exploit Title: CentOS Web Panel 0.9.8.789 - NameServer Field Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 28 - March - 2019 Exploit Author: DKM Vendor Homepage: http://centos-webpanel.com Software...
Job Portal 3.1 - job_submit SQL Injection
Job Portal 3.1 - job_submit SQL Injection Exploit Title: NewJobPortal v3.1 - 'job_submit' SQL Inj. Dork: N/A Date: 25-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Fat Free CRM 0.19.0 - HTML Injection
Fat Free CRM 0.19.0 - HTML Injection Exploit Title: Fat Free CRM v0.19.0 - HTML Injection Date: 2019-03-20 Exploit Author: Ismail Tasdelen Vendor Homepage: http://www.fatfreecrm.com/ Source Code : https://github.com/fatfreecrm Software : Fat Free CRM Product Version: v0.19.0 Vulnerability Type :...
Microsoft Visio 2016 16.0.4738.1000 - Log in accounts Denial of Service
Microsoft Visio 2016 16.0.4738.1000 - Log in accounts Denial of Service -*- coding: utf-8 -*- Created on Thu Feb 21 01:32:50 2019 @author: César """ Exploit Title: Microsoft Visio 2016 16.0.4738.1000 "Log in accounts" allows go on with email formed by one thousand A in every of its parts...
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - arac_kategori_id SQL Injection
Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - arac_kategori_id SQL Injection Exploit Title: Jettweb PHP Hazır Rent A Car Sitesi Scripti V2 - 'arac_kategori_id' SQL Injection Date: 28.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage:...
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion
Thomson Reuters Concourse Firm Central 2.13.0097 - Directory Traversal Local File Inclusion ''' Exploit Title: Thomson Reuters Concourse & Firm Central 2.13.0097 - Directory Traversal & Local File Inclusion Date: 02/13/2019 Exploit Author: 0v3rride Vendor Homepage:...
i-doit 1.12 - qr.php Cross-Site Scripting
i-doit 1.12 - qr.php Cross-Site Scripting Exploit Title: i-doit 1.12 Cross Site Scripting on qr.php file Date: 28-03-2019 Software Link: https://www.i-doit.org/ Version: 1.12 Exploit Author: BlackFog Team Contact: [email protected] Website: https://securelayer7.net Category: webapps Tested on...
Airbnb Clone Script - Multiple SQL Injection
Airbnb Clone Script - Multiple SQL Injection Exploit Title: Homey BNB Airbnb Clone Script - Multiple SQL Injection Date: 27.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.doditsolutions.com/airbnb-clone-script/ Demo Site: http://sitedemos.in/homeybnb/ Version: V4 Tested on...
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion
WordPress Plugin Loco Translate 2.2.1 - Local File Inclusion Exploit Title: Wordpress Loco Translate Version 2.2.1 Plugin LFI Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: https://localise.biz/ Software Link: https://wordpress.org/plugins/loco-translate...
BigTree 4.3.4 CMS - Multiple SQL Injection
BigTree 4.3.4 CMS - Multiple SQL Injection Exploit Title: BigTree CMS - 'parent' SQL Inj. Dork: N/A Date: 24-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.bigtreecms.org/ Software...
gnutls 3.6.6 - verify_crt() Use-After-Free
gnutls 3.6.6 - verify_crt() Use-After-Free Description of problem: This is a critical memory corruption vulnerability in any API backed by verify_crt(), including gnutls_x509_trust_list_verify_crt() and related routines. I suspect any client or server that verifies X.509 certificates with GnuTLS is likely...
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion (PoC)
WordPress Plugin Anti-Malware Security and Brute-Force Firewall 4.18.63 - Local File Inclusion PoC Exploit Title: Wordpress Anti-Malware Security and Bruteforce Firewall - Local File Inclusion Google Dork: N/A Date: 03 / 26 / 2019 Exploit Author: Ali S. Ahmad S4R1N Vendor Homepage: N/A Software...
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH Egghunter)
Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Egghunter !/usr/bin/env python Exploit Title: Base64 Decoder 1.1.2 Local Buffer Overflow SEH + Egghunter Date: 28.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://4mhz.de/b64dec.html Software Link:...
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection
Jettweb Hazır Rent A Car Scripti V4 - SQL Injection Exploit Title: Jettweb Hazır Rent A Car Scripti V4 - SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-46-php-hazir-rent-a-car-scripti-v4.html Demo Site: http://rentv4.proemlaksitesi.net/...
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection
Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection Exploit Title: Jettweb Php Hazır İlan Sitesi Scripti V2 - SQL Injection Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/c-23-ilan-Siteleri.html Demo Site: http://ilanv2.proemlaksitesi.net Version: V2...
SJS Simple Job Script - SQL Injection Cross-Site Scripting
SJS Simple Job Script - SQL Injection Cross-Site Scripting Exploit Title: Simple Job Script - Multiple Vulnerabilities Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://simplejobscript.com/ Download Link: https://github.com/niteosoft/simplejobscript/archive/master.zip De...
Titan FTP Server Version 2019 Build 3505 - Directory Traversal Local File Inclusion
Titan FTP Server Version 2019 Build 3505 - Directory Traversal Local File Inclusion Exploit Title: Titan FTP Server Version 2019 Build 3505 Directory Traversal/Local File Inclusion Google Dork: N/A Date: 3/26/2019 Exploit Author: Kevin Randall Vendor Homepage: https://titanftp.com/ Software Link:...
XooDigital - p SQL Injection
XooDigital - p SQL Injection Exploit Title: XooDigital - 'p' SQL Injection Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/digital-download-protection-script.html Demo Site: http://xooscripts.com/demos/xoodigital/ Version: Latest Tested on: Kali...
Firefox 66.0.1 - Array.prototype.slice Buffer Overflow
Firefox 66.0.1 - Array.prototype.slice Buffer Overflow let size = 64; garr = ; j = 0; function gc var tmp = ; forlet i = 0;i...
XooGallery - Multiple SQL Injection
XooGallery - Multiple SQL Injection Exploit Title: XooGallery - Multiple SQL Injections Date: 26.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://xooscripts.com/product/html5-php-photo-gallery.html Demo Site: http://xooscripts.com/demos/xoogallery/ Version: Latest Tested on: Ka...
Microsoft Windows 7/2008 - Win32k Denial of Service (PoC)
Microsoft Windows 7/2008 - Win32k Denial of Service PoC Exploit Title: Microsoft Windows Win32k CVE-2019-0808 Local Privilege Escalation Vulnerability Date: 24/03/2019 Exploit Author: ze0r Vendor Homepage: www.microsoft.com Version: Microsoft Windows 7/ Server 2008 CVE : CVE-2019-0808...
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR
Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR / A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement OSR allows the compilation of JITed functions that cause type confusions between...
Rukovoditel ERP CRM 2.4.1 - path Cross-Site Scripting
Rukovoditel ERP CRM 2.4.1 - path Cross-Site Scripting Exploit Title: Rukovoditel ERP & CRM 2.4.1 - 'path' Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2019-03-24 Google Dork: N/A Vendor: Rukovoditel Software Link:...
Jettweb PHP Hazır Haber Sitesi Scripti V3 - SQL Injection
Jettweb PHP Hazır Haber Sitesi Scripti V3 - SQL Injection Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V3 - Multiple Vulnerabilities Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-16-php-hazir-haber-sitesi-scripti-v3.html Demo Site:...
Zeeways Matrimony CMS - SQL Injection
Zeeways Matrimony CMS - SQL Injection Exploit Title: Zeeways Matrimony CMS - SQL Injection Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.zeeways.com/matrimony-cms/4/productdetail Demo Site: http://www.zeewayscms.com/matrimony/ Version: Latest Tested on: Kali Linu...
Jettweb PHP Hazır Haber Sitesi Scripti V1 - SQL Injection
Jettweb PHP Hazır Haber Sitesi Scripti V1 - SQL Injection Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V1 - Multiple Vulnerabilities Date: 23.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-5-php-hazir-haber-sitesi-scripti-v1.html Demo Site:...
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15.0.2 - Host VMX Process Impersonation Hijack Privilege Escalation VMware: Host VMX Process Impersonation Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15.0.2. Class: Elevation of Privilege Summary: The...
Apache CouchDB 2.3.1 - Cross-Site Request Forgery Cross-Site Scripting
Apache CouchDB 2.3.1 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: Apache CouchDB 2.3.1 | Cross-Site Request Forgery / Cross-Site Scripting Date: 22.03.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download...
Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection (Authentication Bypass)
Jettweb PHP Hazır Haber Sitesi Scripti V2 - SQL Injection Authentication Bypass Exploit Title: Jettweb PHP Hazır Haber Sitesi Scripti V2 - Authentication Bypass Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://jettweb.net/u-6-php-hazir-haber-sitesi-scripti-v2.html Demo...