41207 matches found
7 Tik 1.0.1.0 - Denial of Service (PoC)
7 Tik 1.0.1.0 - Denial of Service PoC Exploit Title: 7 Tik 1.0.1.0 - Denial of Service PoC Date: 1/18/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/store/productId/9NQL2QC8S935 Version: 1.0.1.0 Tested on: Windows 10 Proof of Concept: Run the...
phpTransformer 2016.9 - Directory Traversal
phpTransformer 2016.9 - Directory Traversal Exploit Title: phpTransformer 2016.9 - Directory Traversal Dork: N/A Date: 2019-01-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://phptransformer.com/ Software Link:...
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings
Joomla! Core 3.9.1 - Persistent Cross-Site Scripting in Global Configuration Textfilter Settings Exploit Title: Joomla Global Configuration Text Filter settings Stored XSS Vulnerability Date: 18/01/2019 Exploit Author: Praveen Sutar , Twitter: @praveensutar123 Vendor Homepage:...
SCP Client - Multiple Vulnerabilities (SSHtranger Things)
SCP Client - Multiple Vulnerabilities SSHtranger Things Exploit Title: SSHtranger Things Date: 2019-01-17 Exploit Author: Mark E. Haase Vendor Homepage: https://www.openssh.com/ Software Link: download link if available Version: OpenSSH 7.6p1 Tested on: Ubuntu 18.04.1 LTS CVE : CVE-2019-6111,...
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting
Oracle Reports Developer Component 12.2.1.3 - Cross-site Scripting Exploit Title: Cross-site Scripting XSS Date: 2019-01-15 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Version: 12.2.1.3...
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation Exploit Title: Check Point ZoneAlarm Local Privilege Escalation Date: 1/16/19 Exploit Author: Chris Anastasio Vendor Homepage: https://www.zonealarm.com/software/free-antivirus/ Software Link: Vulnerable Versions included in repo Versio...
Microsoft Windows CONTACT - Remote Code Execution
Microsoft Windows CONTACT - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-CONTACT-FILE-INSUFFECIENT-UI-WARNING-WEBSITE-LINK-ARBITRARY-CODE-EXECUTION.txt + ISR: ApparitionSec Vendo...
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation
Microsoft Windows 10 - XmlDocument Insecure Sharing Privilege Escalation Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria:...
FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure
FortiGate FortiOS 6.0.3 - LDAP Credential Disclosure /usr/bin/python3 """ CVE-2018-13374 Publicado por Julio Ureña PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia: https://fortiguard.com/psirt/FG-IR-18-157 Ejemplo:...
Spotify 1.0.96.181 - Proxy configuration Denial of Service (PoC)
Spotify 1.0.96.181 - Proxy configuration Denial of Service PoC Exploit Title: Spotify 1.0.96.181 - "Proxy configuration" Denial of Service PoC Discovery by: Aaron V. Hernandez Discovery Date: 2019-01-15 Vendor Homepage: https://www.spotify.com Software Link:...
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free
WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free / The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collectio...
Coship Wireless Router 4.0.0.48 4.0.0.40 5.0.0.54 5.0.0.55 10.0.0.49 - Unauthenticated Admin Password Reset
Coship Wireless Router 4.0.0.48 4.0.0.40 5.0.0.54 5.0.0.55 10.0.0.49 - Unauthenticated Admin Password Reset history.pushState'', '', '/'...
NTPsec 1.1.2 - ntp_control (Authenticated) NULL Pointer Dereference (PoC)
NTPsec 1.1.2 - ntpcontrol Authenticated NULL Pointer Dereference PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated NULL pointer exception Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website:...
doorGets CMS 7.0 - Arbitrary File Download
doorGets CMS 7.0 - Arbitrary File Download Exploit Title: doorGets CMS 7.0 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.doorgets.com/ Software Link:...
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free
Microsoft Windows 10 - RestrictedErrorInfo Unmarshal Section Handle Use-After-Free Windows: RestrictedErrorInfo Unmarshal Section Handle UAF EoP Platform: Windows 10 1709/1809 Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary Summary: The WinRT...
Roxy Fileman 1.4.5 - Arbitrary File Download
Roxy Fileman 1.4.5 - Arbitrary File Download Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Download Dork: N/A Date: 2019-01-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.roxyfileman.com/ Software Link: http://www.roxyfileman.com/download.php?f=1.4.5-php Version: 1.4.5 Category:...
NTPsec 1.1.2 - ctl_getitem Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - ctlgetitem Out-of-Bounds Read PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread1 Vendor Homepage:...
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution
ShoreTel Mitel Connect ONSITE 19.49.5200.0 - Remote Code Execution Exploit Title: ShoreTel / Mitel Connect ONSITE ST14.2 Remote Code Execution Google Dork: +"Public" +"My Conferences" +"Personal Library" +"My Profile" +19.49.5200.0 Date: 01-01-2019 Exploit Author: twosevenzero Vendor Homepage:...
NTPsec 1.1.2 - ntp_control Out-of-Bounds Read (PoC)
NTPsec 1.1.2 - ntpcontrol Out-of-Bounds Read PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 OOB read Proof of concept Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Website: https://dumpco.re/bugs/ntpsec-oobread2 Vendor Homepage:...
NTPsec 1.1.2 - config (Authenticated) Out-of-Bounds Write Denial of Service (PoC)
NTPsec 1.1.2 - config Authenticated Out-of-Bounds Write Denial of Service PoC !/usr/bin/env python Exploit Title: ntpsec 1.1.2 authenticated out of bounds write proof of concept DoS Bug Discovery: Magnus Klaaborg Stubman @magnusstubman Exploit Author: Magnus Klaaborg Stubman @magnusstubman Websit...
GL-AR300M-Lite 2.27 - (Authenticated) Command Injection Arbitrary File Download Directory Traversal
GL-AR300M-Lite 2.27 - Authenticated Command Injection Arbitrary File Download Directory Traversal Exploit Title: GL-AR300M-Lite Authenticated Command injection - Arbitrary file download - Directory Traversal Date: 15/1/2019 Exploit Author: Pasquale Turi aka boombyte Vendor Homepage:...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length function main var ar = ; forlet i = 0; i...
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit
Blueimps jQuery File Upload 9.22.0 - Arbitrary File Upload Exploit Exploit Title: Exploit for Blueimp's jQuery File Upload include include include include include include define BSIZE 1024 define DEBUG 1 define TESTONLY 0 void buildstring char p, char path, char arg, char ar1, int func; int main...
1Password 7.0 - Denial of Service
1Password 7.0 - Denial of Service Description The 1Password application 7.0 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivi...
Microsoft Windows VCF - Remote Code Execution
Microsoft Windows VCF - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec + Zero Day Initiative Program...
ownDMS 4.7 - SQL Injection
ownDMS 4.7 - SQL Injection Exploit Title: ownDMS 4.7 - SQL Injection Dork: N/A Date: 2019-01-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.owndms.com/ Software Link: https://datapacket.dl.sourceforge.net/project/owndms/owndms47.zip Version: 4.7 Category: Webapps Tested on:...
AudioCode 400HD - Command Injection
AudioCode 400HD - Command Injection CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony...
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
Lenovo R2105 - Cross-Site Request Forgery Command Execution Exploit Title: Lenovo R2105 Remote Code Execution through CSRF Date: 01/14/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Version: 1.0 Tested on: Windows 10 x64 Note: The administrator who opens the URL should be...
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multip...
HealthNode Hospital Management System 1.0 - SQL Injection
HealthNode Hospital Management System 1.0 - SQL Injection Exploit Title: HealthNode Hospital Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://sunriseservices.biz/ Software Link:...
Job Portal Platform 1.0 - SQL Injection
Job Portal Platform 1.0 - SQL Injection Exploit Title: Job Portal 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/job-portal-platform-a-complete-job-portal-website/21916934 Version: 1...
i-doit CMDB 1.12 - SQL Injection
i-doit CMDB 1.12 - SQL Injection Exploit Title: i-doit CMDB 1.12 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12...
ThinkPHP 5.X - Remote Command Execution
ThinkPHP 5.X - Remote Command Execution Exploit Title: thinkphp 5.X RCE Date: 2019-1-14 Exploit Author: vrsystem Vendor Homepage: http://www.thinkphp.cn/ Software Link: http://www.thinkphp.cn/down.html Version: 5.x Tested on: windows 7/10 CVE : None...
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection
Twilio WEB To Fax Machine System Application 1.0 - SQL Injection Exploit Title: Fax Machine System Application 1.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Across DR-810 ROM-0 - Backup File Disclosure
Across DR-810 ROM-0 - Backup File Disclosure Exploit Title: Across DR-810 ROM-0 Backup - File DisclosureSensitive Information Date: 2019-01-11 Exploit Author: SajjadBnd My Email: [email protected] Vendor Homepage: http://www.ac.i8i.ir/ Version: DR-810 Tested on: DR-810 RomPager/4.07 UPnP/1.0 +...
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Exploit Title: Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link:...
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection Exploit Title: Craigs CMS 1.0.2 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/craigs-cms-directory-listing-theme/22431565 Version: 1.0....
Live Call Support Widget 1.5 - Cross-Site Request Forgery (Add Admin)
Live Call Support Widget 1.5 - Cross-Site Request Forgery Add Admin Exploit Title: Live Call Support 1.5 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Real Estate Custom Script 2.0 - SQL Injection
Real Estate Custom Script 2.0 - SQL Injection Exploit Title: Real Estate Custom Script 2.0 - SQL Injection Dork: N/A Date: 2019-01-14 Exploit Author: Ihsan Sencan Vendor Homepage: http://ocsolutions.co.in/ Software Link: https://codecanyon.net/item/real-estate-custom-script/21268075 Version: 2.0...
Live Call Support Widget 1.5 - Remote Code Execution SQL Injection
Live Call Support Widget 1.5 - Remote Code Execution SQL Injection Exploit Title: Live Call Support 1.5 - Remote Code Execution / SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://ranksol.com/ Software Link:...
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation
Microsoft Windows 10 - SSPI Network Authentication Session 0 Privilege Escalation Windows: SSPI Network Authentication Session 0 EoP Platform: Windows 10 1803/1809 not tested earlier versions Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session boundary...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Delete Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is...
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass
Microsoft Windows 10 - DSSVC CanonicalAndValidateFilePath Security Feature Bypass Windows: DSSVC CanonicalAndValidateFilePath Security Feature Bypass Platform: Windows 10 1803 and 1809. Class: Security Feature Bypass/Elevation of Privilege Security Boundary per Windows Security Service Criteria:...
Umbraco CMS 7.12.4 - (Authenticated) Remote Code Execution
Umbraco CMS 7.12.4 - Authenticated Remote Code Execution Exploit Title: Umbraco CMS - Remote Code Execution by authenticated administrators Dork: N/A Date: 2019-01-13 Exploit Author: Gregory DRAPERI & Hugo BOUTINON Vendor Homepage: http://www.umbraco.com/ Software Link:...
i-doit CMDB 1.12 - Arbitrary File Download
i-doit CMDB 1.12 - Arbitrary File Download Exploit Title: i-doit CMDB 1.12 - Arbitrary File Download Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one...
Horde Imp - imap_open Remote Command Execution
Horde Imp - imapopen Remote Command Execution Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Date: 10/01/2019 Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link:...
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation
Dokany 1.2.0.1000 - Stack-Based Buffer Overflow Privilege Escalation / Exploit Title - Dokany Stack-based Buffer Overflow Privilege Escalation Date - 14th January 2019 Discovered by - Parvez Anwar @parvezghh Vendor Homepage - http://dokan-dev.github.io Tested Version - 1.2.0.1000 Driver Version -...
Hucart CMS 5.7.4 - Cross-Site Request Forgery (Add Administrator Account)
Hucart CMS 5.7.4 - Cross-Site Request Forgery Add Administrator Account function posturl,fields var p = document.createElement"form"; p.action = url; p.innerHTML = fields; p.target = "self"; p.method = "post"; document.body.appendChildp; p.submit; function csrfhack var fields; fields += ""; field...
Cleanto 5.0 - SQL Injection
Cleanto 5.0 - SQL Injection Exploit Title: Cleanto 5.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://skymoonlabs.com/ Software Link: https://codecanyon.net/item/appointment-booking-software-for-cleaning-maintenance-businesses-cleanto/18397969...