41207 matches found
Listing Hub CMS 1.0 - pages.php id SQL Injection
Listing Hub CMS 1.0 - pages.php id SQL Injection Exploit Title: Listing Hub CMS 1.0 - 'pages.php id' SQL Injection Google Dork: inurl:"pages.php?title=privacy-policy" Date: 14 Feb 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...
Jenkins Plugin Script Security 1.50/Declarative 1.3.4.1/Groovy 2.61.1 - Remote Code Execution (PoC)
Jenkins Plugin Script Security 1.50/Declarative 1.3.4.1/Groovy 2.61.1 - Remote Code Execution PoC In the exploitation, the target is always escalating the read primitive or write primitive to code execution! From the previous section, we can write malicious JAR file into remote Jenkins server by...
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation
MaxxAudio Drivers WavesSysSvc64.exe 1.6.2.0 - Local Privilege Escalation Exploit Title: MaxxAudio Drivers WavesSysSvc64.exe File Permissions SYSTEM Privilege Escalation Google Dork: Date: 2/18/2019 Exploit Author: Mike Siegel @mlsiegel Vendor Homepage: https://maxx.com Software Link: Version:...
BulletProof FTP Server 2019.0.0.50 - SMTP Server Denial of Service (PoC)
BulletProof FTP Server 2019.0.0.50 - SMTP Server Denial of Service PoC Exploit Title: BulletProof FTP Server 2019.0.0.50 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: http://bpftpserver.com/ Software Link:...
Valentina Studio 9.0.4 - Host Denial of Service (PoC)
Valentina Studio 9.0.4 - Host Denial of Service PoC Exploit Title: Valentina Studio 9.0.4 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-19 Vendor Homepage: https://valentina-db.com/en/ Software Link:...
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow (SEH)
Realterm Serial Terminal 2.0.0.70 - Local Buffer Overflow SEH -- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Echo Port' Overflow Crash SEH PoC Date: 16/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...
NBMonitor 1.6.5.0 - Key Denial of Service (PoC)
NBMonitor 1.6.5.0 - Key Denial of Service PoC -- coding: utf-8 -- Exploit Title: NBMonitor 1.6.5 - 'Key' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nbmonitor.com/downloads/nbmonitorsetup.exe Version: 1.6.5....
Webiness Inventory 2.3 - ProductModel Arbitrary File Upload
Webiness Inventory 2.3 - ProductModel Arbitrary File Upload Exploit Title: Webiness Inventory 2.3 - 'ProductModel' Arbitrary File Upload Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor...
Realterm Serial Terminal 2.0.0.70 - Denial of Service
Realterm Serial Terminal 2.0.0.70 - Denial of Service -- coding: utf-8 -- Exploit Title: RealTerm: Serial Terminal 2.0.0.70 - 'Port' Denial of Service PoC Date: 15/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://realterm.sourceforge.io/ Software Link:...
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module
MISP 2.4.97 - SQL Command Execution via Command Injection in STIX Module --coding:utf-8-- Exploit Title: SQL command execution via command injection in STIX module Date: 2019-17-02 Exploit Author: Tm9jdGlz Vendor Homepage: https://www.misp-project.org/ Software link:...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in AlternateSubstitutionSubtable::process A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of...
Master IP CAM 01 3.3.4.2103 - Remote Command Execution
Master IP CAM 01 3.3.4.2103 - Remote Command Execution Exploit Title: Master IP CAM 01 Remote Command Execution Date: 09-02-2019 Remote: Yes Exploit Authors: Raffaele Sabato Contact: https://twitter.com/syrion89 Vendor: Master IP CAM Version: 3.3.4.2103 CVE: CVE-2019-8387 import sys import reques...
CMSsite 1.0 - post SQL Injection
CMSsite 1.0 - post SQL Injection Exploit Title: CMSsite 1.0 - 'post' SQL Injection Exploit Author: Mr Winst0n Author E-mail: [email protected] Discovery Date: February 17, 2019 Vendor Homepage: https://github.com/VictorAlagwu/CMSsite Software Link :...
Apache CouchDB 2.3.0 - Cross-Site Scripting
Apache CouchDB 2.3.0 - Cross-Site Scripting Exploit Title: Apache CouchDB 2.3.0 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: http://couchdb.apache.org Software Link: http://couchdb.apache.org/download Version: 2.3.0 Introduction A CouchDB server hosts named...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in ExtractBitMap_blocClass A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of TrueType fonts. It...
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass Unauthorized Order Status Spoofing
WordPress Plugin WooCommerce - GloBee (cryptocurrency) Payment Gateway 1.1.1 - Payment Bypass Unauthorized Order Status Spoofing <?php Exploit Title: WordPress WooCommerce - GloBee (cryptocurrency) Payment Gateway Plugin Payment Bypass / Unauthorized Order Status Spoofing Discovery Date: 14.12.2018...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During OTF Font Rendering in glyph_CloseContour A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of OpenType fonts. It manifes...
Zoho ManageEngine ServiceDesk Plus (SDP) 10.0 build 10012 - Arbitrary File Upload
Zoho ManageEngine ServiceDesk Plus SDP 10.0 build 10012 - Arbitrary File Upload Exploit Title: Zoho ManageEngine ServiceDesk Plus SDP before 10.0 build 10012 - arbitrary file upload Date: 18-02-2019 Exploit Author: Dao Duy Hung [email protected] Vendor Homepage:...
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting
ArangoDB Community Edition 3.4.2-1 - Cross-Site Scripting Exploit Title: ArangoDB Community Edition 3.4.2-1 | Cross-Site Scripting Date: 17.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://www.arangodb.com Software Link: https://www.arangodb.com/download-major/ Version: 3.4.2-1...
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting
Comodo Dome Firewall 2.7.0 - Cross-Site Scripting Exploit Title: Comodo Dome Firewall 2.7.0 | Cross-Site Scripting Date: 18.02.2019 Exploit Author: Ozer Goker Vendor Homepage: https://cdome.comodo.com/firewall/ Software Link:...
qdPM 9.1 - search[keywords] Cross-Site Scripting
qdPM 9.1 - search[keywords] Cross-Site Scripting Exploit Title: qdPM 9.1 - 'search[keywords]' XSS Injection CVE: CVE-2019-8390 Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net...
MMonit 3.7.2 - Privilege Escalation
MMonit 3.7.2 - Privilege Escalation #!/usr/env/python3 """ Vulnerability title: M/Monit = 3.7.2 - Privilege Escalation Author: Dolev Farhi Vulnerable version: 2.0.151021 Link: https://mmonit.com Date: 2/17/2019 """ import sys import requests MMONITURL = 'http://ip.add.re.ss:8080' MMONITUSER =...
mIRC 7.55 - Custom URI Protocol Handlers Remote Command Execution
mIRC 7.55 - Custom URI Protocol Handlers Remote Command Execution Exploit Title: RCE on mIRC 7.55 using argument injection through custom URI protocol handlers Date: 18/02/2019 Exploit Author: https://twitter.com/proofofcalc/ Vendor Homepage: https://www.mirc.com Software Link:...
qdPM 9.1 - type Cross-Site Scripting
qdPM 9.1 - type Cross-Site Scripting Exploit Title: qdPM 9.1 - 'type' XSS Injection CVE: CVE-2019-8391. Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions
Oracle Java Runtime Environment - Heap Out-of-Bounds Read During TTF Font Rendering in OpenTypeLayoutEngine::adjustGlyphPositions A heap-based out-of-bounds read was observed in Oracle Java Runtime Environment version 8u202 (latest at the time of this writing) while fuzz-testing the processing of...
qdPM 9.1 - search_by_extrafields[] SQL Injection
qdPM 9.1 - search_by_extrafields[] SQL Injection Exploit Title: qdPM 9.1 - 'search_by_extrafields[]' SQL Injection Date: 14-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://qdpm.net Software Link:...
Navicat for Oracle 12.1.15 - "Password" Denial of Service (PoC)
Navicat for Oracle 12.1.15 - Password Denial of Service PoC Exploit Title: Navicat for Oracle 12.1.15 - "Password" Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-14 Vendor Homepage: https://www.navicat.com/es/ Software Link:...
AirMore 1.6.1 - Denial of Service (PoC)
AirMore 1.6.1 - Denial of Service PoC #!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Exploit Title: AirMore 1.6.1 Remote Denial of Service DoS & System Freeze Date: 2019-02-14 Exploit Author: Marcelo Vázquez aka s4vita...
VSCO 1.1.1.0 - Denial of Service (PoC)
VSCO 1.1.1.0 - Denial of Service PoC Exploit Title: VSCO 1.1.1.0 - Denial of Service PoC Date: 2/14/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NC1RLNH76PB Version: 1.1.1.0 Tested on: Windows 10 Proof of Concept: Run the pytho...
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting Cross-Site Request Forgery
MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting Cross-Site Request Forgery Exploit Title: MyBB Trash Bin Plugin 1.1.3 - Cross-Site Scripting / CSRF Date: 7/17/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=957 Version...
Jinja2 2.10 - from_string Server Side Template Injection
Jinja2 2.10 - from_string Server Side Template Injection ''' Exploit Title: Jinja2 Command injection from_string function Date: date Exploit Author: JameelNabbo Website: Ordina.nl Vendor Homepage: http://jinja.pocoo.org Software Link: https://pypi.org/project/Jinja2/files Version: 2.10 Tested on:...
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload
UniSharp Laravel File Manager 2.0.0-alpha7 - Arbitrary File Upload Exploit Title: UniSharp Laravel File Manager - Arbitrary File Upload Google Dork: inurl:"laravel-filemanager?type=Files" -site:github.com -site:github.io Exploit Author: Mohammad Danish Vendor Homepage:...
Free IP Switcher 3.1 - Computer Name Denial of Service (PoC)
Free IP Switcher 3.1 - Computer Name Denial of Service PoC Exploit Title: Free IP Switcher 3.1 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-02-14 Vendor Homepage: http://www.eusing.com/index.html Software Link: http://www.eusing.com/ipscan/freeipscanner.htm Tested...
Linux - kvm_ioctl_create_device() NULL Pointer Dereference
Linux - kvm_ioctl_create_device() NULL Pointer Dereference kvm_ioctl_create_device() contains the following code: dev = kzalloc(sizeof(*dev), GFP_KERNEL); if (!dev) return -ENOMEM; dev->ops = ops; dev->kvm = kvm; mutex_lock(&kvm->lock); ret = ops->create(dev, cd->type); if (ret < 0) { mutex_unlock(&kvm->lock); kfree(dev); return ret; } list_add(&dev->vm_node,...
exacqVision ESM 5.12.2 - Privilege Escalation
exacqVision ESM 5.12.2 - Privilege Escalation Exploit Title: exacqVision ESM 5.12.2 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2019-02-13 Vulnerable Software: http://cdnpublic.exacq.com/5.12/exacqVisionEnterpriseSystemManager5.12.2.150128x86.exe Vendor Homepage:...
WordPress Plugin Booking Calendar 8.4.3 - (Authenticated) SQL Injection
WordPress Plugin Booking Calendar 8.4.3 - Authenticated SQL Injection Exploit Title: Wordpress Booking Calendar v8.4.3 - Authenticated SQL Injection Vulnerability Date: 2018-12-28 Exploit Author: B0UG Vendor Homepage: https://wpbookingcalendar.com/ Software Link:...
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service (PoC)
ApowerManager 3.1.7 - Phone Manager Remote Denial of Service PoC #!/usr/bin/python coding: utf-8 Author: Marcelo Vázquez aka s4vitar ApowerManager Remote Denial of Service DoS / Application Crash Exploit Title: ApowerManager - Phone Manager Remote Denial of Service DoS / Application Crash Date:...
DomainMOD 4.11.01 - assetsadddns.php Cross-Site Scripting
DomainMOD 4.11.01 - assetsadddns.php Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Kareem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version:...
DomainMOD 4.11.01 - category.php CatagoryName_ StakeHolder Cross-Site Scripting
DomainMOD 4.11.01 - category.php CatagoryName StakeHolder Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod...
DomainMOD 4.11.01 - ssl-accounts.php username Cross-Site Scripting
DomainMOD 4.11.01 - ssl-accounts.php username Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod...
DomainMOD 4.11.01 - assetsedithost.php?whid5 Cross-Site Scripting
DomainMOD 4.11.01 - assetsedithost.php?whid5 Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Kareem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Versio...
LayerBB 1.1.2 - Cross-Site Request Forgery (Add Admin)
LayerBB 1.1.2 - Cross-Site Request Forgery Add Admin Exploit Title: LayerBB 1.1.2 - Cross-Site Request Forgery Date: 10/4/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://forum.layerbb.com Version: 1.1.2 Tested on: Ubuntu 18.04 CVE: CVE-2018-17996 1. Description:...
DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting
DomainMOD 4.11.01 - ssl-provider-name Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version:...
MediaMonkey 4.1.23 - .mp3 URL Denial of Service (PoC)
MediaMonkey 4.1.23 - .mp3 URL Denial of Service PoC -- coding: utf-8 -- Exploit Title: MediaMonkey 4.1.23 - URL Denial of Service PoC Date: 13/02/2019 Author: Alejandra Sánchez Vendor Homepage: https://www.mediamonkey.com/ Software Link: https://www.mediamonkey.com/sw/MediaMonkey4.1.23.1881.exe...
Core FTP/SFTP Server 1.2 Build 589.42 - User domain Denial of Service (PoC)
Core FTP/SFTP Server 1.2 Build 589.42 - User domain Denial of Service PoC Exploit Title: Core FTP/SFTP Server 1.2 - Build 589.42 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2019-02-13 Vendor Homepage: http://www.coreftp.com/ Software Link:...
snapd 2.37 (Ubuntu) - dirty_sock Local Privilege Escalation (2)
snapd 2.37 Ubuntu - dirty_sock Local Privilege Escalation 2 #!/usr/bin/env python3 """ dirty_sock: Privilege Escalation in Ubuntu via snapd In January 2019, current versions of Ubuntu Linux were found to be vulnerable to local privilege escalation due to a bug in the snapd API. This repository...
runc 1.0-rc6 (Docker 18.09.2) - Container Breakout (2)
runc 1.0-rc6 Docker 18.09.2 - Container Breakout 2 CVE-2019-5736 This is exploit code for CVE-2019-5736 and it works for both runc and LXC. The simplest way to use it is to copy the exploit code into an existing container, and run make.sh. However, you could just as easily create a bad image and...
NetworkSleuth 3.0 - Name Denial of Service (PoC)
NetworkSleuth 3.0 - Name Denial of Service PoC -- coding: utf-8 -- Exploit Title: NetworkSleuth 3.0 - Denial of Service PoC Date: 12/02/2019 Author: Alejandra Sánchez Vendor Homepage: http://www.nsauditor.com/ Software Link: http://www.nsauditor.com/downloads/networksleuthsetup.exe Version: 3.0.0...
PilusCart 1.4.1 - send SQL Injection
PilusCart 1.4.1 - send SQL Injection Exploit Title: PilusCart 1.4.1 - 'send' SQL Vulnerability Dork: N/A Date: 10-02-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://sourceforge.net/projects/pilus/ Software Link: https://sourceforge.net/projects/pilus/ Version: 1.4.1 Category: Webapp...
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting
Rukovoditel Project Management CRM 2.4.1 - Cross-Site Scripting Exploit Title : Rukovoditel Project Management CRM 2.4.1 - XSS Vulnerability DOM BASED Author Discovered By : Mehmet EMIROGLU Date : 29/01/2019 Vendor Homepage : https://www.rukovoditel.net/ Software Link :...