41207 matches found
iOS/macOS - task_swap_mach_voucher() Use-After-Free
iOS/macOS - task_swap_mach_voucher() Use-After-Free / voucherswap-poc.c Brandon Azad / if 0 iOS/macOS: task_swap_mach_voucher() does not respect MIG semantics leading to use-after-free The dangers of not obeying MIG semantics have been well documented: see issues 926 CVE-2016-7612, 954 CVE-2016-7633, 1417...
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection
Cisco RV320 Dual Gigabit WAN VPN Router 1.4.2.15 - Command Injection RedTeam Pentesting discovered a command injection vulnerability in the web-based certificate generator feature of the Cisco RV320 router. Details ======= Product: Cisco RV320 Dual Gigabit WAN VPN Router, possibly others Affected...
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
Joomla! Component JHotelReservation 6.0.7 - SQL Injection Exploit Title: Joomla! Component JHotelReservation 6.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
ImpressCMS 1.3.11 - bid SQL Injection
ImpressCMS 1.3.11 - bid SQL Injection Title: ImpressCMS 1.3.11 - 'bid' SQL Injection Date: 21.01.2019 Exploit Author: Mehmet Onder Key Vendor Homepage: http://www.impresscms.org/ Software Link: https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms1.3.11.zip Version: v1.3.11 Categor...
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Exploit Title: Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link: https://www.cmsjunkie.com/joomla-cruise-reservation-portal...
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery NBG-418N v2 Modem CSRF Exploit & PoC...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an...
SimplePress CMS 1.0.7 - SQL Injection
SimplePress CMS 1.0.7 - SQL Injection Exploit Title: SimplePress CMS 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/simplepresscms/ Software Link:...
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
SirsiDynix e-Library 3.5.x - Cross-Site Scripting Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Date: 2019-24-01 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.c...
Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution
Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution #!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) Exploit Title: Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC) Date: 2019/01/24 Author: Saeed Hasanzadeh Net.Hun73r Twitter: @nethun73r Software Link: https://itunes.apple.com/us/app/microsoft-remote-desktop-10/id1295203466?mt=...
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection Exploit Title: Joomla! Component J-MultipleHotelReservation 6.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection Exploit Title: Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation
Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Date: 2019-01-22 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...
Microsoft Windows CONTACT - HTML Injection Remote Code Execution
Microsoft Windows CONTACT - HTML Injection Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec ...
Joomla! Component vBizz 1.0.7 - Remote Code Execution
Joomla! Component vBizz 1.0.7 - Remote Code Execution Exploit Title: Joomla! Component vBizz 1.0.7 - Remote Code Execution Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component vBizz 1.0.7 - SQL Injection
Joomla! Component vBizz 1.0.7 - SQL Injection Exploit Title: Joomla! Component vBizz 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/ Version:...
Joomla! Component vWishlist 1.0.1 - SQL Injection
Joomla! Component vWishlist 1.0.1 - SQL Injection Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component vReview 1.9.11 - SQL Injection
Joomla! Component vReview 1.9.11 - SQL Injection Exploit Title: Joomla! Component vReview 1.9.11 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection
Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection Exploit Title: Joomla! Component J-BusinessDirectory 4.9.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Joomla! Component vAccount 2.0.2 - vid SQL Injection
Joomla! Component vAccount 2.0.2 - vid SQL Injection Exploit Title: Joomla! Component vAccount 2.0.2 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component VMap 1.9.6 - SQL Injection
Joomla! Component VMap 1.9.6 - SQL Injection Exploit Title: Joomla! Component VMap 1.9.6 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component vRestaurant 1.9.4 - SQL Injection
Joomla! Component vRestaurant 1.9.4 - SQL Injection Exploit Title: Joomla! Component vRestaurant 1.9.4 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Exploit Title: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Dork: N/A Date: 2019-01-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomtech.net/ Software D.:...
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow + Egghunt Date: 23.04.2018 Exploit Author:T3jv1l Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category:Local...
Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution
Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution Exploit Title: Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector Google Dork: N/A Date: January, 21 2019 Exploit Author: Eduardo Braun Pra...
PHP Dashboards NEW 5.8 - Local File Inclusion
PHP Dashboards NEW 5.8 - Local File Inclusion Exploit Title: PHP Dashboards NEW 5.8 - Local File Inclusion Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link:...
Linux Kernel 4.13 - compat_get_timex() Leak Kernel Pointer
Linux Kernel 4.13 - compat_get_timex() Leak Kernel Pointer #define _GNU_SOURCE #define _BSD_SOURCE // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct time...
PHP Uber-style GeoTracking 1.1 - SQL Injection
PHP Uber-style GeoTracking 1.1 - SQL Injection Exploit Title: PHP Uber-style GeoTracking 1.1 - SQL Injection Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link: https://codecanyon.net/item/php-uberstyle-geotracking/20320021 Version: 1.1...
Echo Mirage 3.1 - Buffer Overflow (PoC)
Echo Mirage 3.1 - Buffer Overflow (PoC) #!/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Date: 21-01-2019 Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh...
PHP Dashboards NEW 5.8 - dashID SQL Injection
PHP Dashboards NEW 5.8 - dashID SQL Injection Exploit Title: PHP Dashboards NEW 5.8 - SQL Injection Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104...
Reservic 1.0 - id SQL Injection
Reservic 1.0 - id SQL Injection Exploit Title: Reservic - Reserves Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/reservic-reserves-management-system/11736786 Version: 1.0...
Kepler Wallpaper Script 1.1 - SQL Injection
Kepler Wallpaper Script 1.1 - SQL Injection Exploit Title: Kepler Wallpaper Script 1.1 - SQL Injection Dork: N/A Date: 2019-01-19 Exploit Author: Ihsan Sencan Vendor Homepage: https://keplerwallpapers.online/ Software Link: https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script Version: 1.1...
Coman 1.0 - id SQL Injection
Coman 1.0 - id SQL Injection Exploit Title: Coman - Company Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/coman-company-management-system/17799270 Version: 1.0 Category:...
Adianti Framework 5.5.0 - SQL Injection
Adianti Framework 5.5.0 - SQL Injection Exploit Title: SQL Injection in Adianti Framework Date: 2018-12-18 Exploit Author: Joner de Mello Assolin Vendor Homepage: https://www.adianti.com.br Version: 5.5.0 and 5.6.0 REQUIRED Tested on: XAMPP Version 7.2.2, phpMyAdmin 4.7.7 and 4.8.4, PHP 7.1 ,...
MoneyFlux 1.0 - id SQL Injection
MoneyFlux 1.0 - id SQL Injection Exploit Title: MoneyFlux - Cashflow Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/moneyflux-laravel-5-cashflow-system/21577611 Version: 1....
GattLib 0.2 - Stack Buffer Overflow
GattLib 0.2 - Stack Buffer Overflow Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...
Microsoft Edge Chakra - JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode Use-After-Free
Microsoft Edge Chakra - JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode Use-After-Free / The JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it's essentially written in...
7 Tik 1.0.1.0 - Denial of Service (PoC)
7 Tik 1.0.1.0 - Denial of Service PoC Exploit Title: 7 Tik 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NQL2QC8S935 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the...
Webmin 1.900 - Remote Command Execution (Metasploit)
Webmin 1.900 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q...
Pydio AjaXplorer 5.0.4 - (Unauthenticated) Arbitrary File Upload
Pydio AjaXplorer 5.0.4 - Unauthenticated Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 5.0.3 – 3.3.5 Date: 01/18/2019 Exploit Author: @jazz Vendor Homepage: https://pydio.com/ Software Link:...
Eco Search 1.0.2.0 - Denial of Service (PoC)
Eco Search 1.0.2.0 - Denial of Service PoC Exploit Title: Eco Search 1.0.2.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9N05DCQP5C3W Version: 1.0.2.0 Tested on: Windows 10 Proof of Concept: R...
phpTransformer 2016.9 - Directory Traversal
phpTransformer 2016.9 - Directory Traversal Exploit Title: phpTransformer 2016.9 - Directory Traversal Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link:...
FastTube 1.0.1.0 - Denial of Service (PoC)
FastTube 1.0.1.0 - Denial of Service PoC Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run t...
Microsoft Edge Chakra - InitClass Type Confusion
Microsoft Edge Chakra - InitClass Type Confusion / Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value;...
One Search 1.1.0.0 - Denial of Service (PoC)
One Search 1.1.0.0 - Denial of Service PoC Exploit Title: One Search 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PMR5QNS5LTL Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: R...
phpTransformer 2016.9 - SQL Injection
phpTransformer 2016.9 - SQL Injection Exploit Title: phpTransformer 2016.9 - SQL Injection Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link:...
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
SCP Client - Multiple Vulnerabilities SSHtranger Things Exploit Title: SSHtranger Things Date: 2019-01-17 Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111,...
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
VPN Browser+ 1.1.0.0 - Denial of Service PoC Exploit Title: VPN Browser+ 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NFFFFS5Z2C7 Version: 1.1.0.0 Tested on: Windows 10 Proof of Concep...
Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion
Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusio...