Find a Place CMS Directory 1.5 - SQL Injection
Find a Place CMS Directory 1.5 - SQL Injection Exploit Title: Locations CMS 1.5 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://themerig.com/ Software Link: https://codecanyon.net/item/locations-multipurpose-cms-directory-theme/21098597 Version: 1....
Cleanto 5.0 - SQL Injection
Cleanto 5.0 - SQL Injection Exploit Title: Cleanto 5.0 - SQL Injection Dork: N/A Date: 2019-01-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://skymoonlabs.com/ Software Link: https://codecanyon.net/item/appointment-booking-software-for-cleaning-maintenance-businesses-cleanto/18397969...
AudioCode 400HD - Command Injection
AudioCode 400HD - Command Injection CVE-2018-10093 Remote command injection vulnerability in AudioCode IP phones Description The AudioCodes 400HD series of IP phones consists in a range of easy-to-use, feature-rich desktop devices for the service provider hosted services, enterprise IP telephony...
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation Windows: DSSVC DSOpenSharedFile Arbitrary File Open EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one...
xorg-x11-server 1.20.3 (Solaris 11) - inittab Local Privilege Escalation
xorg-x11-server 1.20.3 Solaris 11 - inittab Local Privilege Escalation !/bin/sh Exploit Title: xorg-x11-server A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the...
i-doit CMDB 1.12 - SQL Injection
i-doit CMDB 1.12 - SQL Injection Exploit Title: i-doit CMDB 1.12 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.i-doit.org/ Software Link: https://netcologne.dl.sourceforge.net/project/i-doit/i-doit/1.12/idoit-open-1.12.zip Version: 1.12...
Horde Imp - imap_open Remote Command Execution
Horde Imp - imap_open Remote Command Execution Exploit Title: Horde Imp Unauthenticated Remote Command Execution Google Dork: inurl:/imp/login.php Date: 10/01/2019 Exploit Author: Paolo Serracino - Pietro Minniti - Damiano Proietti Vendor Homepage: https://www.horde.org/apps/imp/ Software Link:...
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation
Microsoft Windows 10 - DSSVC MoveFileInheritSecurity Privilege Escalation Windows: DSSVC MoveFileInheritSecurity Multiple Issues EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multip...
Serv-U FTP Server 15.1.7 - Local Privilege Escalation (2)
Serv-U FTP Server 15.1.7 - Local Privilege Escalation 2 !/bin/bash SUroot - Local root exploit for Serv-U FTP Server versions prior to 15.1.7 CVE-2019-12181 Bash variant of Guy Levin's Serv-U FTP Server exploit: - https://github.com/guywhataguy/CVE-2019-12181 ---...
S-nail 14.8.16 - Local Privilege Escalation
S-nail 14.8.16 - Local Privilege Escalation !/bin/sh Wrapper for @wapiflapi's s-nail-privget.c local root exploit for CVE-2017-5899 uses ld.so.preload technique --- Found privsep: /usr/lib/s-nail/s-nail-privsep . Compiling /var/tmp/.snail.so.c ... . Compiling /var/tmp/.sh.c ... . Compiling...
ASANSUID - Local Privilege Escalation
ASANSUID - Local Privilege Escalation !/bin/bash unsanitary.sh - ASAN/SUID Local Root Exploit Exploits er, unsanitized env var passing in ASAN which leads to file clobbering as root when executing setuid root binaries compiled with ASAN. Uses an overwrite of /etc/ld.so.preload to get root on a...
Luminance Studio 2.17 - Denial of Service (PoC)
Luminance Studio 2.17 - Denial of Service PoC Exploit Title: Luminance Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbluminancestudioinstall.exe...
Liquid Studio 2.17 - Denial of Service (PoC)
Liquid Studio 2.17 - Denial of Service PoC Exploit Title: Liquid Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbliquidstudioinstall.exe Version:...
Joomla! Component JoomCRM 1.1.1 - SQL Injection
Joomla! Component JoomCRM 1.1.1 - SQL Injection Exploit Title: Joomla! Component JoomCRM 1.1.1 - SQL Injection Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link: https://extensions.joomla.org/extensions/extension/marketing/crm/joomcrm/...
Pixel Studio 2.17 - Denial of Service (PoC)
Pixel Studio 2.17 - Denial of Service PoC Exploit Title: Pixel Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpixelstudioinstall.exe Version: 2.17...
Adapt Inventory Management System 1.0 - SQL Injection
Adapt Inventory Management System 1.0 - SQL Injection Exploit Title: Adapt Inventory Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.adaptinventory.com/ Software Link:...
OpenSSH SCP Client - Write Arbitrary Files
OpenSSH SCP Client - Write Arbitrary Files ''' Title: SSHtranger Things Author: Mark E. Haase Homepage: https://www.hyperiongray.com Date: 2019-01-17 CVE: CVE-2019-6111, CVE-2019-6110 Advisory: https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt Tested on: Ubuntu 18.04.1 LTS,...
Code Blocks 17.12 - Local Buffer Overflow (SEH) (Unicode)
Code Blocks 17.12 - Local Buffer Overflow SEH Unicode !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Code Blocks 17.12 - Local Buffer Overflow SEHUnicode Date: 01-10-2019 Vulnerable Software: Code Blocks 17.12 Vendor Homepage: http://www.codeblocks.org/ Version: 17.12 Softwar...
Selfie Studio 2.17 - Denial of Service (PoC)
Selfie Studio 2.17 - Denial of Service PoC Exploit Title: Selfie Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbselfiestudioinstall.exe Version:...
Blob Studio 2.17 - Denial of Service (PoC)
Blob Studio 2.17 - Denial of Service PoC Exploit Title: Blob Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbblobstudioinstall.exe Version: 2.17...
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure
Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Exploit Title: Joomla! Component JoomProject 1.1.3.2 - Information Disclosure Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://joomboost.com/ Software Link:...
Tree Studio 2.17 - Denial of Service (PoC)
Tree Studio 2.17 - Denial of Service PoC Exploit Title: Tree Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbtreestudioinstall.exe Version: 2.17...
Paint Studio 2.17 - Denial of Service (PoC)
Paint Studio 2.17 - Denial of Service PoC Exploit Title: Paint Studio 2.17 - Denial of Service PoC Dork: N/A Date: 2019-01-11 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.pixarra.com/ Software Link: http://www.pixarra.com/uploads/9/4/6/3/94635436/tbpaintstudioinstall.exe Version: 2.17...
Matrix MLM Script 1.0 - Information Disclosure
Matrix MLM Script 1.0 - Information Disclosure Exploit Title: Matrix MLM Script 1.0 - Information Leakage Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link:...
Architectural 1.0 - email SQL Injection
Architectural 1.0 - email SQL Injection Exploit Title: Architectural Cms 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/architectural-multipage-theme-admin-panel/20968597 Version: 1.0...
doitX 1.0 - search SQL Injection
doitX 1.0 - search SQL Injection Exploit Title: doitX 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://mybizcms.com/ Software Link: https://codecanyon.net/item/doitx/23041037 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Event Locations 1.0.1 - id SQL Injection
Event Locations 1.0.1 - id SQL Injection Exploit Title: Event Locations 1.0.1 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-locations-phpmysql-plugin/22100679 Version: 1.0.1 Category:...
RGui 3.5.0 - Local Buffer Overflow (SEH)(DEP Bypass)
RGui 3.5.0 - Local Buffer Overflow SEHDEP Bypass !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: RGui 3.5.0 - Local Buffer Overflow SEHDEP Bypass Date: 01-09-2018 Vulnerable Software: RGui 3.5.0 Vendor Homepage: https://www.r-project.org/ Version: 3.5.0 Software Link:...
OpenSource ERP 6.3.1. - SQL Injection
OpenSource ERP 6.3.1. - SQL Injection Exploit Title: OpenSource ERP SQL Injection Date: 10.01.2019 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.nelson-it.ch Software Link: http://sourceforge.net/projects/opensourceerp/files/Windows/erp6.3.1.exe/download Version: v6.3.1 Tested on: Window...
PEAR Archive_Tar 1.4.4 - PHP Object Injection
PEAR Archive_Tar 1.4.4 - PHP Object Injection PEAR Archive_Tar temptarname will be called in the destructor method. If another class with useful gadget is loaded, remote code execution may be possible. Steps to reproduce object injection and arbitrary file deletion: 1. Make sure that PHP & PEAR are...
MLMPro 1.0 - SQL Injection
MLMPro 1.0 - SQL Injection Exploit Title: Matrix MLM Script 1.0 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://royallifefoundation.org/ Software Link: https://codecanyon.net/item/mlmpro-multistage-forced-matrix-mlm-script/23050292 Version: 1.0...
Event Calendar 3.7.4 - id SQL Injection
Event Calendar 3.7.4 - id SQL Injection Exploit Title: Event Calendar 3.7.4 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link: https://codecanyon.net/item/event-calendar-phpmysql-plugin/19246267 Version: 3.7.4 Category: Webapp...
Shield CMS 2.2 - email SQL Injection
Shield CMS 2.2 - email SQL Injection Exploit Title: SHIELD - Freelancer Content Management System 2.2 - SQL Injection / CSRF Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: http://ezcode.pt/ Software Link:...
eBrigade ERP 4.5 - SQL Injection
eBrigade ERP 4.5 - SQL Injection Exploit Title: eBrigade ERP 4.5 - SQL Injection Dork: N/A Date: 2019-01-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://ebrigade.net/ Software Link: https://netcologne.dl.sourceforge.net/project/ebrigade/ebrigade/eBrigade%204.5/ebrigade4.5.zip Version: 4....
eBrigade ERP 4.5 - Arbitrary File Download
eBrigade ERP 4.5 - Arbitrary File Download !/usr/bin/python import mechanize, sys, cookielib, requests import colorama, urllib, re, random, urllib2 import wget from colorama import Fore from tqdm import tqdm from pathlib import Path def bannerche: print '''...
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service PoC function main var vArr = new Array; var bigArray = new Array0x20000000; vArr0 = String.prototype.toLowerCase.callbigArray; vArr1 = String.prototype.toLowerCase.callbigArray; vArr2 =...
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork
polkit - Temporary auth Hijacking via PID Reuse and Non-atomic Fork / When a non-root user attempts to e.g. control systemd units in the system instance from an active session over DBus, the access is gated by a polkit policy that requires "auth_admin_keep" auth. This results in an auth prompt bein...
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery (Update Admin)
Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Update Admin Exploit Title: Heatmiser Wifi Thermostat 1.7 - Cross-Site Request Forgery Dork: intitle:"Heatmiser Wifi Thermostat" & you can use shodan Date: 2019-01-09 Exploit Author: sajjadbnd Vendor Lnk: https://www.heatmiser.com/en/...
Microsoft Office SharePoint Server 2016 - Denial of Service (Metasploit)
Microsoft Office SharePoint Server 2016 - Denial of Service Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'sharepoint-ruby' class MetasploitModule 'DOS Vulnerability in SharePoint 2016 Server',...
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting
ZTE MF65 BD_HDV6MF65V1.0.0B05 - Cross-Site Scripting Exploit Title: Reflected Cross-Site Scripting on ZTE MF65 Date: 01/09/2019 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009483 Version:...
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion
Microsoft Windows - DSSVC CheckFilePermission Arbitrary File Deletion Windows: DSSVC CheckFilePermission Arbitrary File Delete EoP Platform: Windows 10 1803 and 1809. Class: Elevation of Privilege Security Boundary per Windows Security Service Criteria: User boundary NOTE: This is one of multiple...
BlogEngine 3.3 - XML External Entity Injection
BlogEngine 3.3 - XML External Entity Injection XML External Entity Injection Vulnerability in BlogEngine 3.3 Information -------------------- Advisory by Netsparker Name: XML External Entity Injection Vulnerability in BlogEngine 3.3 Affected Software: BlogEngine Affected Versions: 3.3 Homepage:...
Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection
Dolibarr ERP-CRM 8.0.4 - rowid SQL Injection Title: Dolibarr ERP-CRM 8.0.4 - 'rowid' SQL Injection Date: 08.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://www.dolibarr.org/ Software Link: https://sourceforge.net/projects/dolibarr/files/Dolibarr%20ERP-CRM/8.0.4/dolibarr-8.0.4.zi...
CF Image Hosting Script 1.6.5 - (Delete all Pictures) Privilege Escalation
CF Image Hosting Script 1.6.5 - Delete all Pictures Privilege Escalation !/usr/bin/env python """ Exploit Title: CF Image Hosting Script 1.6.5: Delete database Google Dork: "Powered By CF Image Hosting script" Date: 01/08/2019 Exploit Author: David Tavarez Vendor Homepage:...
Wireshark - get_t61_string Heap Out-of-Bounds Read
Wireshark - get_t61_string Heap Out-of-Bounds Read The following crash due to a heap-based out-of-bounds memory read can be observed in an ASAN build of Wireshark, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file". --- cut ---...
Wordpress Plugin UserPro 4.9.21 - User Registration Privilege Escalation
Wordpress Plugin UserPro 4.9.21 - User Registration Privilege Escalation Exploit Title: Wordpress Plugin UserPro 4.9.21 User Registration With Administrator Role Google Dork: inurl:/wp-content/plugins/userpro/ Date: 3rd January, 2019 Exploit Author: Noman Riffat Vendor Homepage:...
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation
KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Exploit Title : KioWare Server Version 4.9.6 - Weak Folder Permissions Privilege Escalation Date : 10/12/2018 Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : https://www.kioware.com/ Tested on : Windows...
MyT Project Management 1.5.1 - Charge[group_total] SQL Injection
MyT Project Management 1.5.1 - Charge[group_total] SQL Injection Exploit Title: MyT-PM 1.5.1 - 'Charge[group_total]' SQL Injection Date: 03.01.2019 Exploit Author: Mehmet Önder Key Vendor Homepage: https://manageyourteam.net/ Software Link: https://sourceforge.net/projects/myt/ Version: v1.5.1 Category...
All in One Video Downloader 1.2 - (Authenticated) SQL Injection
All in One Video Downloader 1.2 - Authenticated SQL Injection Exploit Title: All in One Video Downloader 1.2 - SQL Injection Google Dork: "developed by Niche Office" Date: 1 Jan 2019 Exploit Author: Deyaa Muhammad Author EMail: contact at deyaa.me Author Blog: http://deyaa.me Vendor Homepage:...
Mailcleaner - (Authenticated) Remote Code Execution (Metasploit)
Mailcleaner - Authenticated Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Mailcleaner Remote Code Execution", 'Description' = %q This module exploits the...