41207 matches found
SeoToaster Ecommerce CRM CMS 3.0.0 - Local File Inclusion
SeoToaster Ecommerce CRM CMS 3.0.0 - Local File Inclusion Exploit Title: SeoToaster Ecommerce 3.0.0 - Local File Inclusion Dork: N/A Date: 2019-01-17 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.seotoaster.com/shopping-cart/ Software Link:...
Watchr 1.1.0.0 - Denial of Service (PoC)
Watchr 1.1.0.0 - Denial of Service PoC Exploit Title: Watchr 1.1.0.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9PN12GNX62VZ Version: 1.1.0.0 Tested on: Windows 10 Proof of Concept: Run the...
Microsoft Edge Chakra - InlineArrayPush Type Confusion
Microsoft Edge Chakra - InlineArrayPush Type Confusion / In Chakra, if you add a numeric property to an object having inlined properties, it will start transition to a new type where the space for some of previously inlined properties become for the pointer to the property slots and the pointer t...
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Date: 18/01/2019 Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage:...
Microsoft Windows CONTACT - Remote Code Execution
Microsoft Windows CONTACT - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec Vendo...
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation Exploit Title: Check Point ZoneAlarm Local Privilege Escalation Date: 1/16/19 Exploit Author: Chris Anastasio Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/ Software Link: Vulnerable Versions included in repo Versio...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3...
NTPsec 1.1.2 - ntp_control Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - ntpcontrol Out-of-Bounds Read PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread2 Vendor Homepage:...
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection Arbitrary File Download Directory Traversal
GL-AR300M-Lite 2.27 - Authenticated Command Injection Arbitrary File Download Directory Traversal Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage:...
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria:...
NTPsec 1.1.2 - ntp_control (Authenticated) NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - ntpcontrol Authenticated NULL Pointer Dereference PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website:...
Roxy Fileman 1.4.5 - Arbitrary File Download
Roxy Fileman 1.4.5 - Arbitrary File Download Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php Version: 1.4.5 Category:...
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free / The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collectio...
Spotify 1.0.96.181 - Proxy configuration Denial of Service (PoC)
Spotify 1.0.96.181 - Proxy configuration Denial of Service PoC Exploit Title: Spotify 1.0.96.181 - "Proxy configuration" Denial of Service PoC Discovery by: Aaron V. Hernandez Discovery Date: 2019-01-15 Vendor Homepage: https://www.spotify.com Software Link:...
Coship Wireless Router 4.0.0.48 4.0.0.40 5.0.0.54 5.0.0.55 10.0.0.49 - Unauthenticated Admin Password Reset
Coship Wireless Router 4.0.0.48 4.0.0.40 5.0.0.54 5.0.0.55 10.0.0.49 - Unauthenticated Admin Password Reset history.pushState'', '', '/'...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length function main var ar = ; forlet i = 0; i...
NTPsec 1.1.2 - config (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
NTPsec 1.1.2 - config Authenticated Out-of-Bounds Write Denial of Service PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Websit...
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...
NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - ctlgetitem Out-of-Bounds Read PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage:...
FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure
FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure /usr/bin/python3 """ CVE-2018-13374 Publicado por Julio Ureña PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia: https://fortiguard.com/psirt/FG-IR-18-157 Ejemplo:...
doorGets CMS 7.0 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link:...
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT...
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main...
Microsoft Windows VCF - Remote Code Execution
Microsoft Windows VCF - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program...
ownDMS 4.7 - SQL Injection
ownDMS 4.7 - SQL Injection Exploit Title: ownDMS 4.7 - SQL Injection Dork: N/A Date: 2019-01-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.owndms.com/ Software Link: https://datapacket.dl.sourceforge.net/project/owndms/owndms47.zip Version: 4.7 Category: Webapps Tested on:...
1Password 7.0 - Denial of Service
1Password 7.0 - Denial of Service Description The 1Password application 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivi...
i-doit CMDB 1.12 - Arbitrary File Download
i-doit CMDB 1.12 - Arbitrary File Download Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip...
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
Hucart CMS 5.7.4 - Cross-Site Request Forgery Add Administrator Account function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; field...
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection Exploit Title: Fax Machine System Application 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
ThinkPHP 5.X - Remote Command Execution
ThinkPHP 5.X - Remote Command Execution Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None...
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
Lenovo R2105 - Cross-Site Request Forgery Command Execution Exploit Title: Lenovo R2105 Remote Code Execution through CSRF Date: 01/14/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Version: 1.0 Tested on: Windows 10 x64 Note: The administrator who opens the URL should be...
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary...
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation / Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version -...
Modern POS 1.3 - SQL Injection
Modern POS 1.3 - SQL Injection Exploit Title: Modern POS 1.3 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broke...
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link:...
Hootoo HT-05 - Remote Code Execution (Metasploit)
Hootoo HT-05 - Remote Code Execution Metasploit require 'msf/core' require 'net/http' require "uri" class MetasploitModule 'Hotoo HT-05 remote shell exploit', 'Description' = %q This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the...
Live Call Support Widget 1.5 - Remote Code Execution SQL Injection
Live Call Support Widget 1.5 - Remote Code Execution SQL Injection Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Cross-Site Request Forgery Add Admin Exploit Title: Live Call Support 1.5 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Modern POS 1.3 - Arbitrary File Download
Modern POS 1.3 - Arbitrary File Download Exploit Title: Modern POS 1.3 - Arbitrary File Download Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link:...
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...
Across DR-810 ROM-0 - Backup File Disclosure
Across DR-810 ROM-0 - Backup File Disclosure Exploit Title: Across DR-810 ROM-0 Backup - File DisclosureSensitive Information Date: 2019-01-11 Exploit Author: SajjadBnd My Email: [email protected] Vendor Homepage: http://www.ac.i8i.ir/ Version: DR-810 Tested on: DR-810 RomPager/4.07 UPnP/1.0 +...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria:...
Real Estate Custom Script 2.0 - SQL Injection
Real Estate Custom Script 2.0 - SQL Injection Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is...
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Exploit Title: Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link:...
Job Portal Platform 1.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection Exploit Title: Job Portal 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/job-portal-platform-a-complete-job-portal-website/21916934 Version: 1...
HealthNode Hospital Management System 1.0 - SQL Injection
HealthNode Hospital Management System 1.0 - SQL Injection Exploit Title: HealthNode Hospital Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://sunriseservices.biz/ Software Link:...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summar...
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection Exploit Title: Craigs CMS 1.0.2 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/craigs-cms-directory-listing-theme/22431565 Version: 1.0....