Remote Process Explorer 1.0.0.16 - Buffer Overflow (PoC) (SEH Overwrite)
Remote Process Explorer 1.0.0.16 - Buffer Overflow PoC SEH Overwrite Exploit Title: Remote Process Explorer v1.0.0.16 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage:...
SureMDM 2018-11 Patch - Local Remote File Inclusion
SureMDM 2018-11 Patch - Local Remote File Inclusion Exploit Title: SureMDM LFI/RFI Prior to 2018-11 Patch Google Dork: inurl:/api/DownloadUrlResponse.ashx Date: 2019-02-01 Exploit Author: Digital Interruption Vendor Homepage: https://www.42gears.com/ Software Link:...
Advanced Host Monitor 11.90 Beta - Registration number Denial of Service (PoC)
Advanced Host Monitor 11.90 Beta - Registration number Denial of Service PoC Exploit Title: Advanced Host Monitor 11.90 Beta - 'Registration number' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2019-01-30 Vendor Homepage: https://www.ks-soft.net Software Link :...
AMAC Address Change 5.4 - Denial of Service (PoC)
AMAC Address Change 5.4 - Denial of Service PoC Exploit Title: a-Mac Address Change v5.4 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://amac.paqtool.com/ Software Link : http://amac.paqtool.com/ Tested Version: 5.4 Tested on: Windows XP SP3...
macOS 10.14.3 / iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem
macOS 10.14.3 / iOS 12.1.3 - Sandbox Escapes due to Type Confusions and Memory Safety Issues in iohideventsystem / It's possible that this should be two separate issues but I'm filing it as one as I'm still understanding this service. com.apple.iohideventsystem is hosted in hidd on MacOS and...
Anyburn 4.3 - Convert image to file format Denial of Service
Anyburn 4.3 - Convert image to file format Denial of Service #!/usr/bin/python Exploit Title: AnyBurn x86 - Denial of Service DoS Date: 30-01-2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.anyburn.com/ Version: 4.3 32-bit Software Link :...
macOS 10.14.3 / iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack
macOS 10.14.3 / iOS 12.1.3 - Arbitrary mach Port Name Deallocation in XPC Services due to Invalid mach Message Parsing in _xpc_serializer_unpack / _xpc_serializer_unpack in libxpc parses mach messages which contain xpc messages. There are two reasons for an xpc mach message to contain descriptors: if the...
macOS 10.14.3 / iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics
macOS 10.14.3 / iOS 12.1.3 - Kernel Heap Overflow in PF_KEY due to Lack of Bounds Checking when Retrieving Statistics / Inspired by Ned Williamson's fuzzer I took a look at the netkey code. key_getsastat handles SADB_GETSASTAT messages: It allocates a buffer based on the number of SAs there currently...
macOS 10.14.3 / iOS 12.1.3 XNU - vm_map_copy Optimization which Requires Atomicity isn't Atomic
macOS 10.14.3 / iOS 12.1.3 XNU - vm_map_copy Optimization which Requires Atomicity isn't Atomic / vm_map_copyin_internal in vm_map.c converts a region of a vm_map into "copied in" form, constructing a vm_map_copy structure representing the copied memory which can then be mapped into another vm_map or the same...
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File
macOS XNU - Copy-on-Write Behaviour Bypass via Partial-Page Truncation of File / XNU has various interfaces that permit creating copy-on-write copies of data between processes, including out-of-line message descriptors in mach messages. It is important that the copied memory is protected against...
LanHelper 1.74 - Denial of Service (PoC)
LanHelper 1.74 - Denial of Service PoC Exploit Title: LanHelper v1.74 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-31 Vendor Homepage: http://www.hainsoft.com/ Software Link : http://www.hainsoft.com/ Tested Version: 1.74 Tested on: Windows XP SP3 Vulnerability Typ...
R 3.5.0 - Local Buffer Overflow (SEH)
R 3.5.0 - Local Buffer Overflow SEH #!/usr/bin/python Exploit Title: R i386 3.5.0 - Local Buffer Overflow SEH Date: 30/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...
ASPRunner Professional 6.0.766 - Denial of Service (PoC)
ASPRunner Professional 6.0.766 - Denial of Service PoC Exploit Title: ASPRunner Professional v6.0.766 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.xlinesoft.com/asprunnerpro Software Link : http://www.xlinesoft.com/asprunnerpro Tested...
UltraISO 9.7.1.3519 - Output FileName Local Buffer Overflow (SEH)
UltraISO 9.7.1.3519 - Output FileName Local Buffer Overflow SEH #!/usr/bin/python Exploit Title: UltraISO 9.7.1.3519 - Local Buffer Overflow SEH Date: 30/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://www.ultraiso.com/ Version: 9.7.1.3519 Software Link:...
FlexHEX 2.46 - Buffer Overflow (PoC) (SEH Overwrite)
FlexHEX 2.46 - Buffer Overflow PoC SEH Overwrite Exploit Title: FlexHEX v2.46 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: http://www.flexhex.com/order/?r1=iNetShortcut&r2=fhx1 Software Link :...
iOS/macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure
iOS/macOS 10.13.6 - if_ports_used_update_wakeuuid() 16-byte Uninitialized Kernel Stack Disclosure / macOS 10.13.4 introduced the file bsd/net/if_ports_used.c, which defines sysctls for inspecting ports, and added the function IOPMCopySleepWakeUUIDKey to the file iokit/Kernel/IOPMrootDomain.cpp. Here's the...
Necrosoft DIG 0.4 - Buffer Overflow (PoC) (SEH Overwrite)
Necrosoft DIG 0.4 - Buffer Overflow PoC SEH Overwrite Exploit Title: Necrosoft DIG v0.4 - Denial of Service PoC SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2005-01-10 Vendor Homepage: http://www.nscan.org/?index=dns Software Link : http://www.nscan.org/?index=dns Tested...
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH) (DEP Bypass)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH DEP Bypass #!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: 10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH/DEP Bypass Date: 01-29-19 Vulnerable Software: 10-Strike Network Inventory...
IP-Tools 2.50 - Local Buffer Overflow (PoC)
IP-Tools 2.50 - Local Buffer Overflow PoC Exploit Title: IP TOOLS v2.50 - Denial of Service PoC and SEH overwritten Crash PoC Discovery by: Rafael Pedrero Discovery Date: 2018-12-20 Vendor Homepage: https://www.ks-soft.net/ip-tools.eng/index.htm Software Link :...
Advanced File Manager 3.4.1 - Denial of Service (PoC)
Advanced File Manager 3.4.1 - Denial of Service PoC Exploit Title: Advanced File Manager v3.4.1 - Denial of Service PoC Discovery by: Rafael Pedrero Discovery Date: 2019-01-30 Vendor Homepage: http://www.advexsoft.com Software Link : http://www.advexsoft.com Tested Version: 3.4.1 Tested on: Windo...
Rukovoditel Project Management CRM 2.4.1 - lists_id SQL Injection
Rukovoditel Project Management CRM 2.4.1 - lists_id SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection Dork: N/A Date: 27-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link:...
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution via Cross-Site Request Forgery Cookie Exploit Title: PDF Signer v3.0 - SSTI to RCE via CSRF Cookie Dork: N/A Date: 2019-01-28 Exploit Author: dd [email protected] Vendor Homepage:...
HTML5 Video Player 1.2.5 - Local Buffer Overflow (Non SEH)
HTML5 Video Player 1.2.5 - Local Buffer Overflow Non SEH #!/usr/bin/python Exploit Title: HTML5 Video Player 1.2.5 - Local Buffer Overflow - Non SEH Date: 27/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: http://www.html5videoplayer.net/download.html Software:...
MiniUPnPd 2.1 - Out-of-Bounds Read
MiniUPnPd 2.1 - Out-of-Bounds Read #!/usr/bin/python3 miniupnpd 0: self.server.notify += line line = self.rfile.read1() except: pass self.wfile.write(b"HTTP/1.1 200 OK\r\n\r\n") def splash(): print(" miniupnpd '.format(args.callbackip, args.callbackport, callbackuri, 'Timeout': 'Second-20' server =...
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 (DEP Bypass)
CloudMe Sync 1.11.2 Buffer Overflow - WoW64 DEP Bypass Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow - WoW64 - DEP Bypass Date: 24.01.2019 Exploit Author: Matteo Malvica Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category: Remote...
Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH) (DEP Bypass)
Faleemi Desktop Software 1.8 - Local Buffer Overflow SEH DEP Bypass #!/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Faleemi Desktop Software 1.8 - Local Buffer Overflow SEH/DEP Bypass Date: 01-26-19 Vulnerable Software: Faleemi Desktop Software 1.8 Vendor Homepage:...
Cisco RV300 / RV320 - Information Disclosure
Cisco RV300 / RV320 - Information Disclosure Exploit Title: 6coRV Exploit Date: 01-26-2018 Exploit Author: Harom Ramos Horus Tested on: Cisco RV300/RV320 CVE : CVE-2019-1653 import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning from fake_useragent import UserAgent d...
LogonBox Limited Hypersocket Nervepoint Access Manager - (Unauthenticated) Insecure Direct Object Reference
LogonBox Limited Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference Exploit Title: Access Manager Unauthenticated Insecure Direct Object Reference IDOR Google Dork: /runJob.html?jobId= Date: 01/22/2019 Exploit Author: 0v3rride Vendor Homepage:...
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting
MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting Exploit Title: MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting Date: 1/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1213 Version: 1.0.2 Tested on:...
R 3.4.4 XP SP3 - Buffer Overflow (Non SEH)
R 3.4.4 XP SP3 - Buffer Overflow Non SEH #!/usr/bin/python Exploit Title: R 3.4.4 - Local Buffer Overflow Windows XP SP3 Date: 21/01/2019 Exploit Author: Dino Covotsos - Telspace Systems Vendor Homepage: https://cloud.r-project.org/bin/windows/ Contact: [email protected] Twitter:...
Mess Management System 1.0 - SQL Injection
Mess Management System 1.0 - SQL Injection Exploit Title: Mess Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m.testbd.xyz/ Software Link: https://www.sourcecodester.com/sites/default/files/download/biddut/ms0.zip Version:...
Smart VPN 1.1.3.0 - Denial of Service (PoC)
Smart VPN 1.1.3.0 - Denial of Service PoC Exploit Title: Smart VPN 1.1.3.0 - Denial of Service PoC Date: 1/28/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NH1G93D4HKR Version: 1.1.3.0 Tested on: Windows 10 Proof of Concept: Run...
Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection
Care2x 2.7 HIS Hospital Information System - Multiple SQL Injection Exploit Title: Care2x 2.7 HIS Hospital Information system - Multiples SQL Injection Date: 01/17/2019 Software Links/Project: https://github.com/care2x/care2x | http://www.care2x.org/ Version: Care2x 2.7 Exploit Author: Carlos Avi...
Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH)
Easy Video to iPod Converter 1.6.20 - Buffer Overflow SEH Exploit Title: Easy Video to iPod Converter - Local Buffer Overflow SEH Date: 2019-01-26 Exploit Author: Nawaf Alkeraithe Twitter: @Alkeraithe1 Vulnerable Software: Easy Video to iPod Converter 1.6.20 Vendor Homepage:...
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download Exploit Title: WordPress Plugin ad manager wd v1.0.11 - Arbitrary File Download Google Dork: N/A Date: 25.01.2019 Vendor Homepage: https://web-dorado.com/products/wordpress-ad-manager-wd.html Software:...
CMSsite 1.0 - cat_id SQL Injection
CMSsite 1.0 - cat_id SQL Injection Exploit Title: CMSsite 1.0 - SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version: 1.0 Tested...
BEWARD Intercom 2.3.1 - Credentials Disclosure
BEWARD Intercom 2.3.1 - Credentials Disclosure #!/usr/bin/env python # -*- coding: utf8 -*- BEWARD Intercom 2.3.1 Credentials Disclosure Vendor: Beward R&D Co., Ltd Product web page: https://www.beward.net Affected version: 2.3.1.34471 2.3.0 2.2.11 2.2.10.5 2.2.9 2.2.8.9 2.2.7.4 Note: For versions abo...
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting
Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Exploit Title: Cisco Firepower Management Center Cross-Site Scripting XSS Vulnerability Google Dork: N/A Date: 23-01-2019 Exploit Author: Bhushan B. Patil Advisory URL:...
Newsbull Haber Script 1.0.0 - search SQL Injection
Newsbull Haber Script 1.0.0 - search SQL Injection Exploit Title: Newsbull Haber Script - SQL Injection Time Based Dork: N/A Date: 28-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: http://newsbull.org/ Software Link: https://github.com/gurkanuzunca/newsbull Version: 1.0.0 Category:...
Teameyo Project Management System 1.0 - SQL Injection
Teameyo Project Management System 1.0 - SQL Injection Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.teameyo.com/ Software Link:...
MySQL User-Defined (Linux) (x32/x86_64) - sys_exec Local Privilege Escalation
MySQL User-Defined Linux x32/x86_64 - sys_exec Local Privilege Escalation Exploit Title: MySQL User-Defined Linux x32 / x86_64 sys_exec function local privilege escalation exploit Date: 24/01/2019 Exploit Author: d7x Vendor Homepage: https://www.mysql.com Software Link: www.mysql.com Version: MySQL...
CMSsite 1.0 - search SQL Injection
CMSsite 1.0 - search SQL Injection Exploit Title: CMSsite 1.0 - 'search' SQL injection Exploit Author : Majid kalantari [email protected] Date: 2019-01-27 Vendor Homepage : https://github.com/VictorAlagwu/CMSsite Software link: https://github.com/VictorAlagwu/CMSsite/archive/master.zip Version:...
ResourceSpace 8.6 - collection_edit.php SQL Injection
ResourceSpace 8.6 - collection_edit.php SQL Injection Exploit Title: ResourceSpace &redirect=yes&ref=3620&submitted=true&name=PWNED&keywords=©=&save=%C2%A0%C2%A0Save%C2%A0%C2%A0'...
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery
AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery Exploit Title: AirTies Air5341 1.0.0.12 Modem CSRF Exploit & PoC Version: AirTies Modem Firmware 1.0.0.12 Tested on: Windows 10 x64 CVE : CVE-2019-6967 Author : Ali Can Gönüllü...
Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting
Rundeck Community Edition 3.0.13 - Persistent Cross-Site Scripting Exploit Title: Rundeck Community Edition before 3.0.13 Multiple Stored XSS Vendor Homepage: https://www.rundeck.com/open-source Software Link: https://docs.rundeck.com/downloads.html Exploit Author: Ishaq Mohammed Contact:...
Sricam gSOAP 2.8 - Denial of Service
Sricam gSOAP 2.8 - Denial of Service #!/bin/bash Exploit Title: Sricam gSOAP 2.8 - Denial of Service Date: 25/01/2019 Vendor Status: Informed 24/10/2018 CVE ID: CVE-2019-6973 Exploit Author: Andrew Watson Contact: https://keybase.io/bitfu Software Version: Sricam gSOAP 2.8 Vendor Homepage:...
Lua 5.3.5 - debug.upvaluejoin Use After Free
Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Lin...
GreenCMS 2.x - Arbitrary File Download
GreenCMS 2.x - Arbitrary File Download Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category:...
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing
Wordpress Plugin Wisechat 2.6.3 - Reverse Tabnabbing Exploit Title: Wordpress Plugin Wisechat if (window.opener) window.opener.parent.location.replace('http://mtk911.cf/'); if (window.parent != window) window.parent.location.replace('http://mtk911.cf/'); Open Redirect TEST when you click on that user. Th...
GreenCMS 2.x - SQL Injection
GreenCMS 2.x - SQL Injection Exploit Title: Green CMS 2.x - SQL Injection Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category: Webapps Tested on:...