41207 matches found
Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution
Apache UNO LibreOffice Version: 6.1.2 OpenOffice 4.1.6 API - Remote Code Execution """ Exploit Title: Apache UNO API RCE Date: 2018-09-18 Exploit Author: sud0woodo Vendor Homepage: https://www.apache.org/ Software Link: https://www.openoffice.org/api/ Version: LibreOffice Version: 6.1.2 /...
FTPGetter Standard 5.97.0.177 - Remote Code Execution
FTPGetter Standard 5.97.0.177 - Remote Code Execution Exploit Title: FTPGetter Standard - v.5.97.0.177 Remote Code Execution Date: 05/03/2019 Exploit Author: https://github.com/w4fz5uck5 | @w4fz5uck5 Vendor Homepage: https://www.ftpgetter.com Software Link:...
Pegasus CMS 1.0 - extra_fields.php Plugin Remote Code Execution
Pegasus CMS 1.0 - extrafields.php Plugin Remote Code Execution Exploit Title: Pegasus extrafields.php Plugin Remote Code Execution Date: 14 March 2019 Exploit Author: R3zk0n Vendor Homepage: https://www.wisdom.com.au/web/pegasus-cms Software Link: N/A Version: 1.0 Tested on: Linux CVE : N/A The...
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
Intel Modular Server System 10.18 - Cross-Site Request Forgery Change Admin Password history.pushState'', 't00t', 'index.php'...
pfSense 2.4.4-p1 (HAProxy Package 0.59_14) - Persistent Cross-Site Scripting
pfSense 2.4.4-p1 HAProxy Package 0.5914 - Persistent Cross-Site Scripting Exploit Title: pfSense 2.4.4-p1 HAProxy Package 0.5914 - Stored Cross-Site Scripting Date: 13.02.2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://www.pfsense.org Version: 2.4.4-p1/0.5914 Software Link: N...
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion
WordPress Plugin GraceMedia Media Player 1.0 - Local File Inclusion ============================================= MGC ALERT 2019-001 - Original release date: February 06, 2019 - Last revised: March 13, 2019 - Discovered by: Manuel GarcÃa Cárdenas - Severity: 7/10 CVSS Base Score - CVE-ID:...
Microsoft Windows - .reg File Dialog Box Message Spoofing
Microsoft Windows - .reg File Dialog Box Message Spoofing + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-.REG-FILE-DIALOG-BOX-MESSAGE-SPOOFING.txt + ISR: ApparitionSec Vendor www.microsoft.com Product A...
Apache Tika-server 1.18 - Command Injection
Apache Tika-server 1.18 - Command Injection Description: This is a PoC for remote command execution in Apache Tika-server. Versions Affected: Tika-server versions " print "Example: python CVE-2018-1335.py localhost 9998 calc.exe" else: host = sys.argv1 port = sys.argv2 cmd = sys.argv3 url =...
Core FTP Server FTP SFTP Server v2 Build 674 - SIZE Directory Traversal
Core FTP Server FTP SFTP Server v2 Build 674 - SIZE Directory Traversal Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 SIZE Directory Traversal Google Dork: N/A Date: 4/27/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link:...
Microsoft Windows MSHTML Engine - Edit Remote Code Execution
Microsoft Windows MSHTML Engine - Edit Remote Code Execution Exploit Title: Microsoft Windows CVE-2019-0541 MSHTML Engine "Edit" Remote Code Execution Vulnerability Google Dork: N/A Date: March, 13 2019 Exploit Author: Eduardo Braun Prado Vendor Homepage: http://www.microsoft.com/ Software Link:...
Core FTP Server FTP SFTP Server v2 Build 674 - MDTM Directory Traversal
Core FTP Server FTP SFTP Server v2 Build 674 - MDTM Directory Traversal Exploit Title: CoreFTP Server FTP / SFTP Server v2 - Build 674 MDTM Directory Traversal Google Dork: N/A Date: 3/13/2019 Exploit Author: Kevin Randall Vendor Homepage: https://www.coreftp.com Software Link:...
Core FTP 2.0 build 653 - PBSZ Denial of Service (PoC)
Core FTP 2.0 build 653 - PBSZ Denial of Service PoC Exploit Title: Core FTP 2.0 build 653 - 'PBSZ' - Unauthenticated - Denial of Service PoC Date: 2019-03-12 Exploit Author: Hodorsec [email protected] / [email protected] Vendor Homepage: http://www.coreftp.com/ Software Link:...
PilusCart 1.4.1 - Cross-Site Request Forgery (Add Admin)
PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Exploit Title: PilusCart 1.4.1 - Cross-Site Request Forgery Add Admin Google Dork: N/A Date: 10-03-2019 Exploit Author: Gionathan "John" Reale Vendor Homepage: https://github.com/piluscart Software Link:...
OpenKM 6.3.2 6.3.7 - Remote Command Execution (Metasploit)
OpenKM 6.3.2 6.3.7 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenKM Document Management %q Versions of the OpenKM Document Management 'AkkuS ' ,...
NetSetMan 4.7.1 - Local Buffer Overflow (SEH Unicode)
NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Title: NetSetMan 4.7.1 - Local Buffer Overflow SEH Unicode Exploit Author: Devin Casadey Discovery Date: 2019-03-11 Vendor Homepage: https://www.netsetman.com/ Software Link: https://www.netsetman.com/netsetman.exe Tested Version: 4.7.1...
Linux Kernel 4.4 (Ubuntu 16.04) - snd_timer_user_ccallback() Kernel Pointer Leak
Linux Kernel 4.4 Ubuntu 16.04 - sndtimeruserccallback Kernel Pointer Leak include include include include include include include include include include include include include include Exploit Title: Linux Kernel 4.4 Ubuntu 16.04 - Leak kernel pointer in sndtimeruserccallback Google Dork: - Date...
Liferay CE Portal 7.1.2 ga3 - Remote Command Execution (Metasploit)
Liferay CE Portal 7.1.2 ga3 - Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class MetasploitModule 'Liferay CE Portal Tomcat %q This module uses the Liferay CE...
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution
Flexpaper PHP Publish Service 2.3.6 - Remote Code Execution !/usr/bin/env python Exploit Title: FlexPaper PHP Publish Service = 2.3.6 RCE Date: March 2019 Exploit Author: Red Timmy Security - redtimmysec.wordpress.com Vendor Homepage: https://flowpaper.com/download/ Version: = 2.3.6 Tested on:...
PRTG Network Monitor 18.2.38 - (Authenticated) Remote Code Execution
PRTG Network Monitor 18.2.38 - Authenticated Remote Code Execution !/bin/bash echo -e "\n\e00;33m++ \e00m" echo -e "\e00;32m Authenticated PRTG network Monitor remote code execution \e00m" echo -e "\e00;33m++ \e00m" echo -e "\e00;32m Date: 11/03/2019 \e00m" echo -e "\e00;33m++ \e00m" echo -e...
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery Cross-Site Scripting
OrientDB 3.0.17 GA Community Edition - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: OrientDB 3.0.17 GA Community Edition March 7th, 2019 | Multiple Vulnerabilities Date: 07.03.2019 Exploit Author: Ozer Goker Vendor Homepage: https://orientdb.org Software Link:...
Sony Playstation 4 (PS4) 6.20 - WebKit Code Execution (PoC)
Sony Playstation 4 PS4 6.20 - WebKit Code Execution PoC PS4 6.20 WebKit Code Execution PoC ============== This repo contains a proof-of-concept PoC RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441. The exploit first establishes an arbitrary read/write primitive as...
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass
McAfee ePO 5.9.1 - Registered Executable Local Access Bypass Exploit Title: McAfee ePO 5.9.1 Registered Executable Local Access Bypass Date: 2019-03-07 Exploit Author: @leonjza Vendor Homepage: https://www.mcafee.com/ Software Link:...
DirectAdmin 1.55 - CMD_ACCOUNT_ADMIN Cross-Site Request Forgery
DirectAdmin 1.55 - CMDACCOUNTADMIN Cross-Site Request Forgery Exploit title: DirectAdmin v1.55 - CSRF via CMDACCOUNTADMIN Admin Panel Date: 03/03/2019 Exploit Author: ManhNho Vendor Homepage: https://www.directadmin.com/ Software Link: https://www.directadmin.com/ Demo Link:...
Kados R10 GreenBee - Multiple SQL Injection
Kados R10 GreenBee - Multiple SQL Injection =========================================================================================== Exploit Title: Kados R10 GreenBee - 'menulev1' SQL Injection Dork: N/A Date: 06-03-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.kados.info/...
Anyburn 4.3 x86 - Copy disc to image file Buffer Overflow (Unicode) (SEH)
Anyburn 4.3 x86 - Copy disc to image file Buffer Overflow Unicode SEH !/usr/bin/python Exploit Title: Anyburn 4.3 - 'Copy disc to image file' Buffer Overflow - UNICODESEH Version: 4.3 Date: 07-03-2019 Author: Hodorsec [email protected] / [email protected] Vendor Homepage:...
QNAP TS-431 QTS 4.2.2 - Remote Command Execution (Metasploit)
QNAP TS-431 QTS 4.2.2 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'base64' class MetasploitModule 'QNAP TS-431 QTS %q This module creates a virtual web server and uploa...
Linux 4.20.14 - Virtual Address 0 is Mappable via Privileged write() to proc*mem
Linux 4.20.14 - Virtual Address 0 is Mappable via Privileged write to procmem By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system...
Android - getpidcon() Usage in Hardware binder ServiceManager Permits ACL Bypass
Android - getpidcon Usage in Hardware binder ServiceManager Permits ACL Bypass We already reported four bugs in Android that are caused by the use of getpidcon, which is fundamentally unsafe: https://bugs.chromium.org/p/project-zero/issues/detail?id=727 AndroidID-27111481; unexploitable...
Android - binder Use-After-Free via racy Initialization of -allow_user_free
Android - binder Use-After-Free via racy Initialization of -allowuserfree The following bug report solely looks at the situation on the upstream master branch; while from a cursory look, at least the wahoo kernel also looks affected, I have only properly tested this on upstream master. The binder...
OpenDocMan 1.3.4 - search.php where SQL Injection
OpenDocMan 1.3.4 - search.php where SQL Injection =========================================================================================== Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection CVE: N/A Date: 05/03/2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage:...
Bolt CMS 3.6.4 - Cross-Site Scripting
Bolt CMS 3.6.4 - Cross-Site Scripting Exploit Title: Bolt CMS - 3.6.4 - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://bolt.cm/ Software Link : https://github.com/bolt/bolt Software : Bolt CMS - v 3.6.4 Version : v 3.6.4 Vulernability Type :...
OOP CMS BLOG 1.0 - Multiple SQL Injection
OOP CMS BLOG 1.0 - Multiple SQL Injection Exploit Title: OOP CMS BLOG 1.0 - SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...
FileZilla 3.40.0 - Local search Local site Denial of Service (PoC)
FileZilla 3.40.0 - Local search Local site Denial of Service PoC Exploit Title: FileZilla 3.40.0 - "Local search" Denial of Service PoC Discovery by: Mr Winst0n Discovery Date: February 20, 2019 Vendor Homepage: https://filezilla-project.org Software Link :...
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery
OOP CMS BLOG 1.0 - Multiple Cross-Site Request Forgery Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: http://zsoft.com.bd/ Software Link :...
Booked Scheduler 2.7.5 - Remote Command Execution (Metasploit)
Booked Scheduler 2.7.5 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Booked Scheduler v2.7.5 - Remote Command Execution', 'Description' = %q This module...
WordPress Plugin Cerber Security_ Antispam Malware Scan 8.0 - Multiple Bypass Vulnerabilities
WordPress Plugin Cerber Security Antispam Malware Scan 8.0 - Multiple Bypass Vulnerabilities Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities Type: WordPress Plugin Date: 2019-03-04 Active installs: 100,000+ Version: 8.0 Software Link:...
CMSsite 1.0 - Multiple Cross-Site Request Forgery
CMSsite 1.0 - Multiple Cross-Site Request Forgery Exploit Title: CMSsite 1.0 - Cross-Site Request Forgery Delete Admin Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: March 1, 2019 Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link :...
Craft CMS 3.1.12 Pro - Cross-Site Scripting
Craft CMS 3.1.12 Pro - Cross-Site Scripting Exploit Title: Craft CMS 3.1.12 Pro - Cross-Site Scripting Date: 2019-03-04 Exploit Author: Ismail Tasdelen Vendor Homepage: https://craftcms.com/ Software Link : https://github.com/craftcms/cms Software : Craft CMS 3.1.12 Pro Version : 3.1.12 Pro...
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution (Persistent Backdoor Custom Binary)
Splunk Enterprise 7.2.4 - Custom App Remote Command Execution Persistent Backdoor Custom Binary !/usr/bin/python Exploit Title: Splunk Enterprise 7.2.4 Custom App RCE persistent backdoor - custom binary payload Date: March 1, 2019 Exploit Author: Matteo Malvica Original Author: Lee Mazzoleni Vend...
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting
Fiberhome AN5506-04-F RP2669 - Persistent Cross-Site Scripting Exploit Title: Fiberhome AN5506-04-F - Stored Cross Site Scripting Date: 04.03.2019 Exploit Author: Tauco Vendor Homepage: http://www.fiberhomegroup.com/en/ Version: RP2669 Tested on: Windows 10 CVE : CVE-2019-9556 Description:...
zzzphp CMS 1.6.1 - Cross-Site Request Forgery
zzzphp CMS 1.6.1 - Cross-Site Request Forgery Exploit Title: Cross-Site Request ForgeryCSRF of zzzphp cms 1.6.1 Google Dork: intext:"2015-2019 zzcms.com" Date: 26/02/2019 Exploit Author: Yang Chenglong Vendor Homepage: http://www.zzzcms.com/index.html Software Link: http://115.29.55.18/zzzphp.zip...
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion
Microsoft Edge Chakra 1.11.4 - Read Permission via Type Confusion / Exploit Title: getting Read permission through Type Confusion Date: date Exploit Author: Fahad Aid Alharbi Vendor Homepage: https://www.microsoft.com/en-us/ Version: Chakra 1114 REQUIRED Tested on: Windows 10 CVE : cve-2019-0539 ...
Raisecom XPON ISCOMHT803G-U_2.0.0_140521_R4.1.47.002 - Remote Code Execution
Raisecom XPON ISCOMHT803G-U2.0.0140521R4.1.47.002 - Remote Code Execution Exploit Title: Remote code execution in Raisecom xpon Date: 03/03/2019 Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: https://www.raisecom.com Software Link: https://www.raisecom.com/products/xpon Version:...
elFinder 2.1.47 - PHP connector Command Injection
elFinder 2.1.47 - PHP connector Command Injection !/usr/bin/python ''' Exploit Title: elFinder SecSignal.php;echo SecSignal.jpg' def usage: if lensys.argv != 2: print "Usage: python exploit.py URL" sys.exit0 def uploadurl, payload: files = 'upload': payload, open'SecSignal.jpg', 'rb' data = "reqi...
MarcomCentral FusionPro VDP Creator 10.0 - Directory Traversal
MarcomCentral FusionPro VDP Creator 10.0 - Directory Traversal !/usr/bin/env python ''' Exploit Title: MarcomCentral FusionPro VDP Creator :/Windows/System32/drivers/etc/hosts. No slash-dot-dots /../.. are required, but you can add some if you want. Note that the slashes are forward slashes! By...
Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module
Linux 4.14.103 4.19.25 - Out-of-Bounds Read and Write in SNMP NAT Module commit cc2d58634e0f "netfilter: nfnatsnmpbasic: use asn1 decoder library", first in 4.16 changed the nfnatsnmpbasic module which, when enabled, parses and modifies the ASN.1-encoded payloads of SNMP messages so that the...
tcpdump 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads
tcpdump 4.9.3 - Multiple Heap-Based Out-of-Bounds Reads Through fuzzing of network capture .pcap files, we have identified 16 crashes with unique stack traces in tcpdump. These crashes are caused by heap-based out-of-bounds memory reads, and can be reproduced with the latest tcpdump source code...
Cisco WebEx Meetings 33.6.6 33.9.1 - Privilege Escalation
Cisco WebEx Meetings 33.6.6 33.9.1 - Privilege Escalation SecureAuth - SecureAuth Labs Advisory http://www.secureauth.com/ Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 1. Advisory Information Title: Cisco WebEx Meetings Elevation of Privilege Vulnerability Version 2 Advisor...
Google Chrome M72 - PaymentRequest Service Use-After-Free
Google Chrome M72 - PaymentRequest Service Use-After-Free There are several object-lifetime issues in the browser process in the implementation of payments.mojom.PaymentRequest. The PaymentRequest object contains a std::uniqueptr to a PaymentRequestSpec, which is initialised during the call to...
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Google Chrome M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free There's a race-condition / object-lifetime issue in the browser process when the browser process shutdown races against the IO thread handling mojo messages from the renderer. It's at least possible to trigger...