41207 matches found
Modern POS 1.3 - Arbitrary File Download
Modern POS 1.3 - Arbitrary File Download Exploit Title: Modern POS 1.3 - Arbitrary File Download Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link:...
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation
Microsoft Windows 10 - COM Desktop Broker Privilege Escalation Windows: COM Desktop Broker Elevation of Privilege Platform: Windows 10 1809 almost certainly earlier versions as well. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: AppContainer Sandbox Summar...
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation
Microsoft Windows 10 - Browser Broker Cross Session Privilege Escalation Windows: Browser Broker Cross Session EoP Platform: Windows 10 1803 not tested anything else. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: Session Boundary Summary: The Browser Broke...
Find a Place CMS Directory 1.5 - SQL Injection
Find a Place CMS Directory 1.5 - SQL Injection Exploit Title: Locations CMS 1.5 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/locations-multipurpose-cms-directory-theme/21098597 Version: 1....
Modern POS 1.3 - SQL Injection
Modern POS 1.3 - SQL Injection Exploit Title: Modern POS 1.3 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://itsolution24.com/ Software Link: https://codecanyon.net/item/modern-pos-point-of-sale-with-stock-management-system/22702683 Version: 1.3...
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection
Portier Vision 4.4.4.2 4.4.4.6 - SQL Injection -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2018-012 Product: PORTIER Affected Versions: 4.4.4.2, 4.4.4.6 Tested Versions: 4.4.4.2, 4.4.4.6 Vulnerability Type: SQL Injection CWE-89 Risk Level: HIGH Solution Status: Open...
Hootoo HT-05 - Remote Code Execution (Metasploit)
Hootoo HT-05 - Remote Code Execution Metasploit require 'msf/core' require 'net/http' require "uri" class MetasploitModule 'Hotoo HT-05 remote shell exploit', 'Description' = %q This module tries to open a door in the device by exploiting the RemoteCodeExecution by creating a backdoor inside the...
xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation
xorg-x11-server 1.20.3 Solaris 11 - inittab Local Privilege Escalation !/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the...
S-nail 14.8.16 - Local Privilege Escalation
S-nail 14.8.16 - Local Privilege Escalation !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling...
Serv-U FTP Server 15.1.7 - Local Privilege Escalation (2)
Serv-U FTP Server 15.1.7 - Local Privilege Escalation 2 !/bin/bash SUroot - Local root exploit for Serv-U FTP Server versions prior to 15.1.7 CVE-2019-12181 Bash variant of Guy Levin's Serv-U FTP Server exploit: - https://github.com/guywhataguy/CVE-2019-12181 ---...
ASANSUID - Local Privilege Escalation
ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...
Tree Studio 2.17 - Denial of Service (PoC)
Tree Studio 2.17 - Denial of Service PoC Exploit Title: Tree Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbtreestudioinstall.exe Version: 2.17...
Paint Studio 2.17 - Denial of Service (PoC)
Paint Studio 2.17 - Denial of Service PoC Exploit Title: Paint Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpaintstudioinstall.exe Version: 2.17...
Pixel Studio 2.17 - Denial of Service (PoC)
Pixel Studio 2.17 - Denial of Service PoC Exploit Title: Pixel Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudioinstall.exe Version: 2.17...
Adapt Inventory Management System 1.0 - SQL Injection
Adapt Inventory Management System 1.0 - SQL Injection Exploit Title: Adapt Inventory Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.adaptinventory.com/ Software Link:...
Blob Studio 2.17 - Denial of Service (PoC)
Blob Studio 2.17 - Denial of Service PoC Exploit Title: Blob Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudioinstall.exe Version: 2.17...
Selfie Studio 2.17 - Denial of Service (PoC)
Selfie Studio 2.17 - Denial of Service PoC Exploit Title: Selfie Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbselfiestudioinstall.exe Version:...
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
Code Blocks 17.12 - Local Buffer Overflow SEH Unicode !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Code Blocks 17.12 - Local Buffer Overflow SEHUnicode Date: 01-10-2019 Vulnerable Software: Code Blocks 17.12 Vendor Homepage: http://www.codeblocks.org/ Version: 17.12 Softwar...
Joomla! Component JoomCRM 1.1.1 - SQL Injection
Joomla! Component JoomCRM 1.1.1 - SQL Injection Exploit Title: Joomla! Component JoomCRM 1.1.1 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/...
Luminance Studio 2.17 - Denial of Service (PoC)
Luminance Studio 2.17 - Denial of Service PoC Exploit Title: Luminance Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbluminancestudioinstall.exe...
Liquid Studio 2.17 - Denial of Service (PoC)
Liquid Studio 2.17 - Denial of Service PoC Exploit Title: Liquid Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbliquidstudioinstall.exe Version:...
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Exploit Title: Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link:...
OpenSSH SCP Client - Write Arbitrary Files
OpenSSH SCP Client - Write Arbitrary Files ''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS,...
doitX 1.0 - search SQL Injection
doitX 1.0 - search SQL Injection Exploit Title: doitX 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://mybizcms.com/ Software Link: https://codecanyon.net/item/doitx/23041037 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
MLMPro 1.0 - SQL Injection
MLMPro 1.0 - SQL Injection Exploit Title: Matrix MLM Script 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link: https://codecanyon.net/item/mlmpro-multistage-forced-matrix-mlm-script/23050292 Version: 1.0...
Matrix MLM Script 1.0 - Information Disclosure
Matrix MLM Script 1.0 - Information Disclosure Exploit Title: Matrix MLM Script 1.0 - Information Leakage Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link:...
OpenSource ERP 6.3.1. - SQL Injection
OpenSource ERP 6.3.1. - SQL Injection Exploit Title: OpenSource ERP SQL Injection Date: 10.01.2019 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.nelson-it.ch Software Link: http://sourceforge.net/projects/opensourceerp/files/Windows/erp6.3.1.exe/download Version: v6.3.1 Tested on: Window...
Architectural 1.0 - email SQL Injection
Architectural 1.0 - email SQL Injection Exploit Title: Architectural Cms 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/architectural-multipage-theme-admin-panel/20968597 Version: 1.0...
eBrigade ERP 4.5 - Arbitrary File Download
eBrigade ERP 4.5 - Arbitrary File Download !/usr/bin/python import mechanize, sys, cookielib, requests import colorama, urllib, re, random, urllib2 import wget from colorama import Fore from tqdm import tqdm from pathlib import Path def bannerche: print '''...
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
RGui 3.5.0 - Local Buffer Overflow SEHDEP Bypass !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: RGui 3.5.0 - Local Buffer Overflow SEHDEP Bypass Date: 01-09-2018 Vulnerable Software: RGui 3.5.0 Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...
Event Calendar 3.7.4 - id SQL Injection
Event Calendar 3.7.4 - id SQL Injection Exploit Title: Event Calendar 3.7.4 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-calendar-phpmysql-plugin/19246267 Version: 3.7.4 Category: Webapp...
Event Locations 1.0.1 - id SQL Injection
Event Locations 1.0.1 - id SQL Injection Exploit Title: Event Locations 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679 Version: 1.0.1 Category:...
PEAR Archive_Tar 1.4.4 - PHP Object Injection
PEAR ArchiveTar 1.4.4 - PHP Object Injection PEAR ArchiveTar temptarname will be called in the destructor method. If another class with useful gadget is loaded, remote code execution may be possible. Steps to reproduce object injection and arbitrary file deletion: 1. Make sure that PHP & PEAR are...
eBrigade ERP 4.5 - SQL Injection
eBrigade ERP 4.5 - SQL Injection Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4....
Shield CMS 2.2 - email SQL Injection
Shield CMS 2.2 - email SQL Injection Exploit Title: SHIELD - Freelancer Content Management System 2.2 - SQL Injection / CSRF Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link:...
BlogEngine 3.3 - XML External Entity Injection
BlogEngine 3.3 - XML External Entity Injection XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage:...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service PoC function main var vArr = new Array; var bigArray = new Array0x20000000; vArr0 = String.prototype.toLowerCase.callbigArray; vArr1 = String.prototype.toLowerCase.callbigArray; vArr2 =...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Update Admin Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/...
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple...
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
Microsoft Office SharePoint Server 2016 - Denial of Service Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sharepoint-ruby' class MetasploitModule 'DOS Vulnerability in SharePoint 2016 Server',...
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork / When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "authadminkeep" auth. This results in an auth prompt bein...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
ZTE MF65 BDHDV6MF65V1.0.0B05 - Cross-Site Scripting Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...
Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection
Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zi...
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
CF Image Hosting Script 1.6.5 - Delete all Pictures Privilege Escalation !/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage:...
Wireshark - get_t61_string Heap Out-of-Bounds Read
Wireshark - gett61string Heap Out-of-Bounds Read The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file". --- cut ---...
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal
Roxy Fileman 1.4.5 - Unrestricted File Upload Directory Traversal ====================================================================== Exploit Title:: Multiple Vulnerabilities Software: Roxy Fileman Version: 1.4.5 Vendor Homepage: http://www.roxyfileman.com/ Software Link:...
Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - Cross-Site Request Forgery
Leica Geosystems GR10GR25GR30GR50 GNSS 4.30.063 - Cross-Site Request Forgery...
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference function f1 try var v1 = eventhandler1; catche var v2 = document.createElementNS"http://www.w3.org/2000/svg", “pattern”; v2.addEventListener"1", v1; var v3 = document.createElement“option”; var v4 = document.createElement“select”; v44 = v3;...
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting
MyBB OUGC Awards Plugin 1.8.3 - Persistent Cross-Site Scripting Exploit Title: MyBB OUGC Awards Plugin v1.8.3 - Cross-Site Scripting Date: 12/31/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=396 Version: 1.8.3 Tested on...
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting
PLC Wireless Router GPN2.4P21-C-CN - Cross-Site Scripting Exploit Title: PLC Wireless Router GPN2.4P21-C-CN -Reflected XSS Date: 21/12/2018 Exploit Author: Kumar Saurav Reference: https://0dayfindings.home.blog/2018/12/26/plc-wireless-router-gpn2-4p21-c-cn-reflected-xss/ Vendor: ChinaMobile...