GreenCMS 2.x - Arbitrary File Download
GreenCMS 2.x - Arbitrary File Download Exploit Title: Green CMS 2.x - Arbitrary File & Directory Download Dork: N/A Date: 2019-01-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.greencms.net/ Software Link: https://codeload.github.com/GreenCMS/GreenCMS/zip/beta Version: 2.x Category:...
Lua 5.3.5 - debug.upvaluejoin Use After Free
Lua 5.3.5 - debug.upvaluejoin Use After Free Exploit Title: Lua 5.3.5 Exploit Author: Fady Mohamed Osman https://twitter.com/fadyothman Exploit-db : http://www.exploit-db.com/author/?a=2986 Blog : https://blog.fadyothman.com/ Date: Jan. 10th 2019 Vendor Homepage: https://www.lua.org/ Software Lin...
SimplePress CMS 1.0.7 - SQL Injection
SimplePress CMS 1.0.7 - SQL Injection Exploit Title: SimplePress CMS 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/simplepresscms/ Software Link:...
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution
Ghostscript 9.26 - Pseudo-Operator Remote Code Execution I noticed ghostscript 9.26 was released, so had a quick look and spotted some errors. For background, this is how you define a subroutine in postscript: /hello hello\n print def That's simple enough, but because a subroutine is just an...
ImpressCMS 1.3.11 - bid SQL Injection
ImpressCMS 1.3.11 - bid SQL Injection Title: ImpressCMS 1.3.11 - 'bid' SQL Injection Date: 21.01.2019 Exploit Author: Mehmet Onder Key Vendor Homepage: http://www.impresscms.org/ Software Link: https://sourceforge.net/projects/impresscms/files/v1.3.11/impresscms1.3.11.zip Version: v1.3.11 Categor...
Microsoft Remote Desktop 10.2.4(134) - Denial of Service (PoC)
Microsoft Remote Desktop 10.2.4134 - Denial of Service PoC Exploit Title: Microsoft Remote Desktop 10.2.4134 - Denial of Service PoC Date: 2019/01/24 Author: Saeed Hasanzadeh Net.Hun73r Twitter: @nethun73r Software Link: https://itunes.apple.com/us/app/microsoft-remote-desktop-10/id1295203466?mt=...
Splunk Enterprise 7.2.3 - (Authenticated) Custom App Remote Code Execution
Splunk Enterprise 7.2.3 - Authenticated Custom App Remote Code Execution #!/usr/bin/python Exploit Title: Splunk Enterprise 7.2.3 Custom App RCE persistent backdoor Date: January 23, 2019 Exploit Author: Lee Mazzoleni Vendor Homepage: https://www.splunk.com/ Software Link:...
SirsiDynix e-Library 3.5.x - Cross-Site Scripting
SirsiDynix e-Library 3.5.x - Cross-Site Scripting Exploit Title: SirsiDynix e-Library = 3.5.x - Cross-Site Scripting CVE: CVE-2018-20503 Date: 2019-24-01 Google Dork: inurl:/x/x/0/49 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://www.sirsidynix.c...
Joomla! Component JHotelReservation 6.0.7 - SQL Injection
Joomla! Component JHotelReservation 6.0.7 - SQL Injection Exploit Title: Joomla! Component JHotelReservation 6.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection
Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Exploit Title: Joomla! Component J-CruisePortal 6.0.4 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link: https://www.cmsjunkie.com/joomla-cruise-reservation-portal...
Zyxel NBG-418N v2 Modem 1.00(AAXM.6)C0 - Cross-Site Request Forgery
Zyxel NBG-418N v2 Modem 1.00AAXM.6C0 - Cross-Site Request Forgery NBG-418N v2 Modem CSRF Exploit & PoC...
Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection
Joomla! Component J-BusinessDirectory 4.9.7 - type SQL Injection Exploit Title: Joomla! Component J-BusinessDirectory 4.9.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Joomla! Component vBizz 1.0.7 - SQL Injection
Joomla! Component vBizz 1.0.7 - SQL Injection Exploit Title: Joomla! Component vBizz 1.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/vbizz/ Version:...
Joomla! Component vWishlist 1.0.1 - SQL Injection
Joomla! Component vWishlist 1.0.1 - SQL Injection Exploit Title: Joomla! Component vWishlist 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Microsoft Windows CONTACT - HTML Injection Remote Code Execution
Microsoft Windows CONTACT - HTML Injection Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-HTML-INJECTION-MAILTO-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec ...
Joomla! Component vReview 1.9.11 - SQL Injection
Joomla! Component vReview 1.9.11 - SQL Injection Exploit Title: Joomla! Component vReview 1.9.11 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation
Nagios XI 5.5.6 - Remote Code Execution Privilege Escalation Exploit Title: Nagios XI 5.5.6 Remote Code Execution and Privilege Escalation Date: 2019-01-22 Exploit Author: Chris Lyne @lynerc Vendor Homepage: https://www.nagios.com/ Product: Nagios XI Software Link:...
Joomla! Component vRestaurant 1.9.4 - SQL Injection
Joomla! Component vRestaurant 1.9.4 - SQL Injection Exploit Title: Joomla! Component vRestaurant 1.9.4 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component vAccount 2.0.2 - vid SQL Injection
Joomla! Component vAccount 2.0.2 - vid SQL Injection Exploit Title: Joomla! Component vAccount 2.0.2 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection
Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection Exploit Title: Joomla! Component J-ClassifiedsManager 3.0.5 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Joomla! Component vBizz 1.0.7 - Remote Code Execution
Joomla! Component vBizz 1.0.7 - Remote Code Execution Exploit Title: Joomla! Component vBizz 1.0.7 - Remote Code Execution Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component VMap 1.9.6 - SQL Injection
Joomla! Component VMap 1.9.6 - SQL Injection Exploit Title: Joomla! Component VMap 1.9.6 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://wdmtech.com/ Software Link:...
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection
Joomla! Component JMultipleHotelReservation 6.0.7 - SQL Injection Exploit Title: Joomla! Component J-MultipleHotelReservation 6.0.7 - SQL Injection Dork: N/A Date: 2019-01-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://cmsjunkie.com/ Software Link:...
Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution
Microsoft Windows VCF or Contact File - URL Manipulation-Spoof Arbitrary Code Execution Exploit Title: Microsoft Windows 'VCF' or 'Contact' File URL Manipulation-Spoof Arbitrary Code Execution Vulnerability -- Remote Vector Google Dork: N/A Date: January, 21 2019 Exploit Author: Eduardo Braun Pra...
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Exploit Title: Joomla! Component Easy Shop 1.2.3 - Local File Inclusion Dork: N/A Date: 2019-01-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomtech.net/ Software D.:...
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt
CloudMe Sync 1.11.2 - Buffer Overflow + Egghunt Exploit Title: CloudMe Sync v1.11.2 Buffer Overflow + Egghunt Date: 23.04.2018 Exploit Author:T3jv1l Vendor Homepage:https://www.cloudme.com/en Software: https://www.cloudme.com/downloads/CloudMe1112.exe Category:Local...
Adianti Framework 5.5.0 - SQL Injection
Adianti Framework 5.5.0 - SQL Injection Exploit Title: SQL Injection in Adianti Framework Date: 2018-12-18 Exploit Author: Joner de Mello Assolin Vendor Homepage: https://www.adianti.com.br Version: 5.5.0 and 5.6.0 REQUIRED Tested on: XAMPP Version 7.2.2, phpMyAdmin 4.7.7 and 4.8.4, PHP 7.1 ,...
Echo Mirage 3.1 - Buffer Overflow (PoC)
Echo Mirage 3.1 - Buffer Overflow PoC #!/usr/bin/python Exploit Title: Echo Mirage 3.1 Buffer Overflow PoC Stack Overflow Date: 21-01-2019 Software Link: https://sourceforge.net/projects/echomirage.oldbutgold.p/ Version: 3.1 x64 Exploit Author: InitD Community Contact: https://twitter.com/initdsh...
Linux Kernel 4.13 - compat_get_timex() Leak Kernel Pointer
Linux Kernel 4.13 - compatgettimex Leak Kernel Pointer define GNUSOURCE define BSDSOURCE include include include include include include include include include include include include include include include include include include // Ubuntu 4.13.0-16-generic // gcc -o poc poc.c -m32 struct time...
MoneyFlux 1.0 - id SQL Injection
MoneyFlux 1.0 - id SQL Injection Exploit Title: MoneyFlux - Cashflow Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/moneyflux-laravel-5-cashflow-system/21577611 Version: 1....
PHP Dashboards NEW 5.8 - Local File Inclusion
PHP Dashboards NEW 5.8 - Local File Inclusion Exploit Title: PHP Dashboards NEW 5.8 - Local File Inclusion Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link:...
Coman 1.0 - id SQL Injection
Coman 1.0 - id SQL Injection Exploit Title: Coman - Company Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/coman-company-management-system/17799270 Version: 1.0 Category:...
PHP Uber-style GeoTracking 1.1 - SQL Injection
PHP Uber-style GeoTracking 1.1 - SQL Injection Exploit Title: PHP Uber-style GeoTracking 1.1 - SQL Injection Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link: https://codecanyon.net/item/php-uberstyle-geotracking/20320021 Version: 1.1...
GattLib 0.2 - Stack Buffer Overflow
GattLib 0.2 - Stack Buffer Overflow Exploit Title: stack-based overflow Date: 2019-11-21 Exploit Author: Dhiraj Mishra Vendor Homepage: http://labapart.com/ Software Link: https://github.com/labapart/gattlib/issues/81 Version: 0.2 Tested on: Linux 4.15.0-38-generic CVE: CVE-2019-6498 References:...
PHP Dashboards NEW 5.8 - dashID SQL Injection
PHP Dashboards NEW 5.8 - dashID SQL Injection Exploit Title: PHP Dashboards NEW 5.8 - SQL Injection Dork: N/A Date: 2019-01-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://dataninja.biz Software Link: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104...
Reservic 1.0 - id SQL Injection
Reservic 1.0 - id SQL Injection Exploit Title: Reservic - Reserves Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-20 Exploit Author: Ihsan Sencan Vendor Homepage: http://ragob.com/ Software Link: https://codecanyon.net/item/reservic-reserves-management-system/11736786 Version: 1.0...
Kepler Wallpaper Script 1.1 - SQL Injection
Kepler Wallpaper Script 1.1 - SQL Injection Exploit Title: Kepler Wallpaper Script 1.1 - SQL Injection Dork: N/A Date: 2019-01-19 Exploit Author: Ihsan Sencan Vendor Homepage: https://keplerwallpapers.online/ Software Link: https://codeclerks.com/PHP/1559/Kepler-Wallpaper-Script Version: 1.1...
Webmin 1.900 - Remote Command Execution (Metasploit)
Webmin 1.900 - Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Webmin 1.900 - Remote Command Execution', 'Description' = %q...
Eco Search 1.0.2.0 - Denial of Service (PoC)
Eco Search 1.0.2.0 - Denial of Service PoC Exploit Title: Eco Search 1.0.2.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9N05DCQP5C3W Version: 1.0.2.0 Tested on: Windows 10 Proof of Concept: R...
Microsoft Edge Chakra - InitClass Type Confusion
Microsoft Edge Chakra - InitClass Type Confusion / Issue description This is similar to issue 1702 https://www.exploit-db.com/exploits/46203 . This time, it uses an InitClass instruction to reach the SetIsPrototype method. PoC: / function opto, c, value o.b = 1; class A extends c o.a = value;...
Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion
Microsoft Edge Chakra - NewScObjectNoCtor or InitProto Type Confusion NewScObjectNoCtor and InitProto opcodes are treated as having no side effects, but actually they can have via the SetIsPrototype method of the type handler that can cause transition to a new type. This can lead to type confusio...
Microsoft Edge Chakra - InlineArrayPush Type Confusion
Microsoft Edge Chakra - InlineArrayPush Type Confusion / In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer t...
phpTransformer 2016.9 - SQL Injection
phpTransformer 2016.9 - SQL Injection Exploit Title: phpTransformer 2016.9 - SQL Injection Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link:...
One Search 1.1.0.0 - Denial of Service (PoC)
One Search 1.1.0.0 - Denial of Service PoC Exploit Title: One Search 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PMR5QNS5LTL Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: R...
FastTube 1.0.1.0 - Denial of Service (PoC)
FastTube 1.0.1.0 - Denial of Service PoC Exploit Title: FastTube 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9MXS9JVDP25V Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run t...
SeoToaster Ecommerce CRM CMS 3.0.0 - Local File Inclusion
SeoToaster Ecommerce CRM CMS 3.0.0 - Local File Inclusion Exploit Title: SeoToaster Ecommerce 3.0.0 - Local File Inclusion Dork: N/A Date: 2019-01-17 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.seotoaster.com/shopping-cart/ Software Link:...
Microsoft Edge Chakra - JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode Use-After-Free
Microsoft Edge Chakra - JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode Use-After-Free / The JsBuiltInEngineInterfaceExtensionObject::InjectJsBuiltInLibraryCode method is used to execute JsBuiltIn.js which initializes some builtin objects. Because it's essentially written in...
Pydio AjaXplorer 5.0.4 - (Unauthenticated) Arbitrary File Upload
Pydio AjaXplorer 5.0.4 - Unauthenticated Arbitrary File Upload Exploit Title: Unauthenticated Arbitrary File Upload Vulnerability In Pydio/AjaXplorer 5.0.3 – 3.3.5 Date: 01/18/2019 Exploit Author: @jazz Vendor Homepage: https://pydio.com/ Software Link:...
Watchr 1.1.0.0 - Denial of Service (PoC)
Watchr 1.1.0.0 - Denial of Service PoC Exploit Title: Watchr 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PN12GNX62VZ Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the...
VPN Browser+ 1.1.0.0 - Denial of Service (PoC)
VPN Browser+ 1.1.0.0 - Denial of Service PoC Exploit Title: VPN Browser+ 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NFFFFS5Z2C7 Version: 1.1.0.0 Tested on: Windows 10 Proof of Concep...