41207 matches found
X-NetStat Pro 5.63 - Local Buffer Overflow
X-NetStat Pro 5.63 - Local Buffer Overflow !/usr/bin/env python --------------------------------------------------------------------------------------------------------- Exploit: X-NetStat Pro 5.63 - Local Buffer Overflow EggHunter Date: 2019-03-23 Author: Peyman Forouzan Tested Against: Winxp SP...
Zeeways Jobsite CMS - id SQL Injection
Zeeways Jobsite CMS - id SQL Injection Exploit Title: Zeeways Jobsite CMS - 'id' SQL Injection Date: 25.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.zeeways.com/jobsite-cms/1/productdetail Demo Site: http://www.zeewayscms.com/jobsite/ Version: Latest Tested on: Kali Linu...
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation
VMware Workstation 14.1.5 VMware Player 15 - Host VMX Process COM Class Hijack Privilege Escalation VMware: Host VMX Process COM Class Hijack EoP Platform: VMware Workstation Windows v14.1.5 on Windows 10. Also tested VMware Player 15. Class: Elevation of Privilege Summary: COM classes used by th...
snap - seccomp Blacklist for TIOCSTI can be Circumvented
snap - seccomp Blacklist for TIOCSTI can be Circumvented / snap uses a seccomp filter to prevent the use of the TIOCSTI ioctl; in the source code, this filter is expressed as follows: TIOCSTI allows for faking input man ttyioctl TODO: this should be scaled back even more ioctl - !TIOCSTI In the...
Inout Article Base CMS - SQL Injection
Inout Article Base CMS - SQL Injection Exploit Title: Inout Article Base CMS - SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.inoutscripts.com/products/inout-article-base/ Demo Site: http://www.inoutwebportal.com Version: Latest Tested on: Kali Linu...
Matri4Web Matrimony Website Script - Multiple SQL Injection
Matri4Web Matrimony Website Script - Multiple SQL Injection Exploit Title: Matrimony Website Script - Multiple SQL Injection Date: 22.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.matri4web.com Demo Site: https://www.matrimonydemo.com Version: M-Plus Tested on: Kali Linux...
Meeplace Business Review Script - id SQL Injection
Meeplace Business Review Script - id SQL Injection Exploit Title: Meeplace Business Review Script - 'id' SQL Injection Date: 22.03.2019 Dork: Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://www.meeplace.com Demo Site: http://demo.meeplace.com Version: Latest Tested on: Kali Linux CVE:...
Placeto CMS Alpha v4 - page SQL Injection
Placeto CMS Alpha v4 - page SQL Injection Placeto CMS Alpha v4 - 'page' SQL Injection Title: Placeto CMS Date: 21.03.2019 Exploit Author: Abdullah Çelebi Vendor Homepage: https://sourceforge.net/projects/placeto/ Software Link: https://sourceforge.net/projects/placeto/files/alpha-rv.4/placeto.zip...
Rails 5.2.1 - Arbitrary File Content Disclosure
Rails 5.2.1 - Arbitrary File Content Disclosure ''' Exploit Title: File Content Disclosure on Rails Date: CVE disclosed 3/16 today's date is 3/20 Exploit Author: NotoriousRebel Vendor Homepage: https://rubyonrails.org/ Software Link: https://github.com/rails/rails Version: Versions Affected: all...
The Company Business Website CMS - Multiple Vulnerabilities
The Company Business Website CMS - Multiple Vulnerabilities Exploit Title: The Company Business Website CMS - 'username' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.codester.com/items/6806/the-company-business-website-cms Demo Site:...
Canarytokens 2019-03-01 - Detection Bypass
Canarytokens 2019-03-01 - Detection Bypass Exploit Title: Canarytokens 2019-03-01 - Detection Bypass Date: 20.03.2019 Exploit Author: Benjamin Zink Loft, Gionathan "John" Reale Vendor Homepage: https://thinkst.com/ Version: up to 2019-03-01 Software Link: https://github.com/thinkst/canarytokens...
Netartmedia Vlog System - email SQL Injection
Netartmedia Vlog System - email SQL Injection Exploit Title: Netartmedia Vlog System - 'email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/vlogsystem/ Demo Site: https://www.phpscriptdemos.com/vlogs/ Version: Latest Tested on: Kal...
Bootstrapy CMS - Multiple SQL Injection
Bootstrapy CMS - Multiple SQL Injection Exploit Title: Bootstrapy CMS - Multiple SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: http://bootstrapy.com Demo Site: http://bootstrapy.net/demo/ Version: Latest Tested on: Kali Linux CVE: N/A ----- PoC 1: SQLi -----...
uHotelBooking System - system_page SQL Injection
uHotelBooking System - system_page SQL Injection Exploit Title: uHotelBooking System - 'system_page' SQL Injection Date: 21.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.hotel-booking-script.com Demo Site: https://www.hotel-booking-script.com/demo/ Version: Latest Tested o...
DVD X Player 5.5.3 - .plf Buffer Overflow
DVD X Player 5.5.3 - .plf Buffer Overflow !/usr/bin/env python Exploit Title: DVD X Player 5.5.3 Buffer Overflow Date: 20.03.2019 Exploit Author: Paolo Perego - [email protected] Vendor Homepage: http://www.dvd-x-player.com Software Link:...
Netartmedia Deals Portal - Email SQL Injection
Netartmedia Deals Portal - Email SQL Injection Exploit Title: Netartmedia Deals Portal - 'Email' SQL Injection Date: 20.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/dealsportal/ Demo Site: https://www.phpscriptdemos.com/deals/i Version: Latest Tested on:...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Request Forgery Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Cross-Site Request Forgery CSRF Date: 14/01/2019 Exploit Author: Kumar Saurav Reference:...
Netartmedia PHP Business Directory 4.2 - SQL Injection
Netartmedia PHP Business Directory 4.2 - SQL Injection Exploit Title: Netartmedia PHP Business Directory 4.2 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.phpbusinessdirectory.com/ Demo Site: https://www.bizwebdirectory.com/ Version: 4.2 Tested on...
NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow
NetShareWatcher 1.5.8.0 - Local SEH Buffer Overflow Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow Date: 2019-03-19 Vendor Homepage: http://netsharewatcher.nsauditor.com Software Link: http://netsharewatcher.nsauditor.com/downloads/NetShareWatchersetup.exe Exploit Author: Peyman...
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection
Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Exploit Title: Netartmedia PHP Real Estate Agency 4.0 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/propertyagency/ Demo Site: https://www.phpscriptdemos.com/agency/ Version: 4...
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control
PLC Wireless Router GPN2.4P21-C-CN - Incorrect Access Control Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Incorrect Access Control Date: 14/01/2019 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2019/01/15/plc-wireless-router-gpn2-4p21-c-cn-incorrect-access-control/...
Netartmedia PHP Car Dealer - SQL Injection
Netartmedia PHP Car Dealer - SQL Injection Exploit Title: Netartmedia PHP Car Dealer - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/autodealer/ Demo Site: https://www.phpscriptdemos.com/autodealer/ Version: Latest Tested on: Kali...
202CMS v10beta - Multiple SQL Injection
202CMS v10beta - Multiple SQL Injection =========================================================================================== Exploit Title: 202CMS - 'loguser' SQL Inj. Dork: N/A Date: 20-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/b202cms/...
Netartmedia PHP Dating Site - SQL Injection
Netartmedia PHP Dating Site - SQL Injection Exploit Title: Netartmedia Php Dating Site - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/datingsite/ Demo Site: https://www.phpscriptdemos.com/dating/ Version: Latest Tested on: Kali Lin...
Netartmedia Jobs Portal 6.1 - SQL Injection
Netartmedia Jobs Portal 6.1 - SQL Injection Exploit Title: Netartmedia Jobs Portal 6.1 - SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/jobsportal/ Demo Site: https://www.ittjobs.com/ Version: 6.1 Tested on: Kali Linux CVE: N/A -----...
Netartmedia PHP Mall 4.1 - SQL Injection
Netartmedia PHP Mall 4.1 - SQL Injection Exploit Title: Netartmedia PHP Mall 4.1 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/mall/ Demo Site: https://www.phpscriptdemos.com/mall/ Version: 4.1 Tested on: Kali Linux CVE: N...
Google Chrome M73 - Data Race in ExtensionsGuestViewMessageFilter
Google Chrome M73 - Data Race in ExtensionsGuestViewMessageFilter There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently. See the comment in the code:...
eNdonesia Portal 8.7 - Multiple Vulnerabilities
eNdonesia Portal 8.7 - Multiple Vulnerabilities =========================================================================================== Exploit Title: eNdonesia Portal 'banners.php' SQL Inj. Dork: N/A Date: 19-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://www.endonesia.org/...
Google Chrome M73 - Double-Destruction Race in StoragePartitionService
Google Chrome M73 - Double-Destruction Race in StoragePartitionService There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from...
Netartmedia Real Estate Portal 5.0 - SQL Injection
Netartmedia Real Estate Portal 5.0 - SQL Injection Exploit Title: Netartmedia Real Estate Portal 5.0 - Multiple SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/realestate/ Demo Site: https://www.phpscriptdemos.com/realestate/ Version:...
Advanced Host Monitor 11.92 beta - Local Buffer Overflow
Advanced Host Monitor 11.92 beta - Local Buffer Overflow !/usr/bin/env python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Advanced Host Monitor 11.92 beta - Local Buffer Overflow EggHunter Date:...
Netartmedia Event Portal 2.0 - Email SQL Injection
Netartmedia Event Portal 2.0 - Email SQL Injection Exploit Title: Netartmedia Event Portal 2.0 - 'Email' SQL Injection Date: 19.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://www.netartmedia.net/eventportal/ Demo Site: https://www.phpscriptdemos.com/events/ Version: 2.0 Tested...
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML
Microsoft Internet Explorer 11 - VBScript Execution Policy Bypass in MSHTML !-- Windows: Windows: IE11 VBScript execution policy bypass in MSHTML Platform: Windows 10 1809 not tested earlier Class: Security Feature Bypass Summary: MSHTML only checks for the CLSID associated with VBScript when...
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject
Microsoft Edge - Flash click2play Bypass with CObjectElement::FinalCreateObject Attached is a PoC file that bypasses Flash click2play in Microsoft Edge. This was tested on Windows 10 64bit v 1809 with the latest patches applied. The PoC currently loads a swf from wwwimages.adobe.com screenshot...
Gila CMS 1.9.1 - Cross-Site Scripting
Gila CMS 1.9.1 - Cross-Site Scripting Exploit Title: Gila CMS search Cross Site Scripting Google Dork: intext:"Powered By Gila CMS" Date: 11.03.2019 Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://gilacms.com Software Link: https://gilacms.com/packages/downloadRelease/1.9.1.zip Demo...
Google Chrome M73 - FileSystemOperationRunner Use-After-Free
Google Chrome M73 - FileSystemOperationRunner Use-After-Free There's a comment in FileSystemOperationRunner::BeginOperation OperationID FileSystemOperationRunner::BeginOperation std::uniqueptr operation OperationID id = nextoperationid++; // TODOhttps://crbug.com/864351: Diagnostic to determine...
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting
MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Exploit Title: MyBB Upcoming Events Plugin 1.32 - Cross-Site Scripting Date: 3/8/2019 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1231 Version: 1.32 Tested on: Ubuntu...
Microsoft VBScript - VbsErase Memory Corruption
Microsoft VBScript - VbsErase Memory Corruption r eax=0000600c ebx=05dc10dc ecx=00000000 edx=00000000 esi=13371337 edi=05c5ca44 eip=6e0fc9fa esp=05c5ca28 ebp=05c5ca48 iopl=0 nv up ei pl zr na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246 VBSCRIPT!VbsErase+0x5a: 6e0fc9fa 8b3e...
libseccomp 2.4.0 - Incorrect Compilation of Arithmetic Comparisons
libseccomp 2.4.0 - Incorrect Compilation of Arithmetic Comparisons When libseccomp compiles filters for 64-bit systems, it needs to split 64-bit comparisons into 32-bit comparisons because classic BPF can't operate on 64-bit values directly. libseccomp offers both bitwise comparisons NE, EQ,...
Google Chrome M73 - MidiManagerWin Use-After-Free
Google Chrome M73 - MidiManagerWin Use-After-Free MidiManagerWin uses a similar instanceid mechanism to the TaskService implementation to ensure that delayed tasks are only executed if the MidiManager instance that they were scheduled on is still alive. However, this instanceid is an int, and the...
TheCarProject 2 - Multiple SQL Injection
TheCarProject 2 - Multiple SQL Injection =========================================================================================== Exploit Title: TheCarProject v2 - 'manid' SQL Inj. Dork: N/A Date: 17-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://thecarproject.org/ Software...
WinAVI iPod3GPMP4PSP Converter 4.4.2 - Denial of Service
WinAVI iPod3GPMP4PSP Converter 4.4.2 - Denial of Service Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit Date: 16.03.2019 Vendor Homepage: http://www.winavi.com Software Link: http://www.winavi.com/user/download/WinAVIiPod3GPMP4PSPConverter.exe Exploit Author: Achilles...
WinMPG Video Convert 9.3.5 - Denial of Service
WinMPG Video Convert 9.3.5 - Denial of Service Exploit Title: WinMPG Video Convert Local Dos Exploit Date: 15.03.2019 Vendor Homepage: http://www.winmpg.com Software Link: http://www.winmpg.com/down/WinMPGVideoConvert.zip Exploit Author: Achilles Tested Version: 9.3.5 and older ones Tested on:...
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities
Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Exploit Title: Vembu Storegrid Web Interface 4.4.0 - Multiple Vulnerabilities Discovery Date: 2018-12-05 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.vembu.com/ Software Link : N/A Google Dork: N/A Version: 4.4....
Moodle 3.4.1 - Remote Code Execution
Moodle 3.4.1 - Remote Code Execution php MoodleExploit.php url=http://example.com user=teacher pass=password ip=10.10.10.10 port=1010 course=1 user The account username pass The password to the account ip Callback IP port Callback Port course Valid course ID belonging to the teacher Make sure...
ICE HRM 23.0 - Multiple Vulnerabilities
ICE HRM 23.0 - Multiple Vulnerabilities =========================================================================================== Exploit Title: ICE HRM - ’ob’ SQL Inj. Dork: N/A Date: 14-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://icehrm.org Software Link:...
NetData 1.13.0 - HTML Injection
NetData 1.13.0 - HTML Injection Author: Marcelo Vázquez aka s4vitar NetData v1.13.0 HTML Injection Vulnerability Exploit Title: NetData v1.13.0 HTML Injection Vulnerability Date: 2019-03-14 Exploit Author: Marcelo Vázquez aka s4vitar Collaborators: Victor Lasa aka vowkin Vendor Homepage:...
CMS Made Simple Showtime2 Module 3.6.2 - (Authenticated) Arbitrary File Upload
CMS Made Simple Showtime2 Module 3.6.2 - Authenticated Arbitrary File Upload !/usr/bin/env python Exploit Title: CMS Made Simple authenticated arbitrary file upload in Showtime2 module Date: March 2019 Exploit Author: Daniele Scanu @ Certimeter Group Vendor Homepage: https://www.cmsmadesimple.org...
Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow
Mail Carrier 2.5.1 - MAIL FROM Buffer Overflow Exploit Title: Tabs Mail Carrier 2.5.1 MAIL FROM: Buffer Overflow Date: March 14, 2019 Exploit Author: Joseph McDonagh Vendor Homepage: N/A Software Link: N/A Version: Mail Carrier 2.5.1 Tested on: Windows Vista Home Basic SP2 CVE: None...
Laundry CMS - Multiple Vulnerabilities
Laundry CMS - Multiple Vulnerabilities =========================================================================================== Exploit Title: Laundry CMS clothcode SQL Inj. Dork: N/A Date: 09-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://laundry.rpcits.co.in/ Software Link:...