41207 matches found
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
ZeusCart 4.0 - Cross-Site Request Forgery Deactivate Customer Accounts Exploit Title: ZeusCart 4.0 Deactivate Customer Accounts CSRF Date: 12/20/2018 Exploit Author: mqt Vendor Homepage: http://http://www.zeuscart.com/ Version: Zeus Cart 4.0 CSRF 1. Vulnerability Description Due to the form not...
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service
Microsoft Edge 42.17134.1.0 - Tree::ANode::DocumentLayout Denial of Service Exploit Title: Microsoft Edge edgehtml.dll!Tree::ANode::DocumentLayout. Denial of Service PoC Google Dork: N/A Date: 2018-11-11 Exploit Author: Bogdan Kurinnoy Vendor Homepage:...
Netatalk 3.1.12 - Authentication Bypass (PoC)
Netatalk 3.1.12 - Authentication Bypass PoC import socket import struct import sys if lensys.argv != 3: sys.exit0 ip = sys.argv1 port = intsys.argv2 sock = socket.socketsocket.AFINET, socket.SOCKSTREAM print "+ Attempting connection to " + ip + ":" + sys.argv2 sock.connectip, port dsipayload =...
AnyBurn 4.3 - Local Buffer Overflow (SEH)
AnyBurn 4.3 - Local Buffer Overflow SEH !/usr/bin/env python Exploit Title: AnyBurn 4.3 - Local Buffer Overflow SEH Unicode Date: 20-12-2018 Exploit Author: Matteo Malvica Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Tested Version: 4.3 32-bit...
192.168.2.10
A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...
i5KgPODid4AYSjd
A Remote Browser's Agent XSS is a piece of software that allows a remote "operator" to control a browser as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "XSS" software is usually associated with criminal or malicious activity...
VBScript - VbsErase Reference Leak Use-After-Free
VBScript - VbsErase Reference Leak Use-After-Free There is a reference leak in Microsoft VBScript that can be turned into a use-after-free given sufficient time. The vulnerability has been confirmed in Internet Explorer on various Windows versions with the latest patches applied. Details:...
VBScript - MSXML Execution Policy Bypass
VBScript - MSXML Execution Policy Bypass According to https://blogs.windows.com/msedgedev/2017/07/07/update-disabling-vbscript-internet-explorer-11/, Starting from Windows 10 Fall Creators Update, VBScript execution in IE 11 should be disabled for websites in the Internet Zone and the Restricted...
Microsoft Windows - MsiAdvertiseProduct Arbitrary File CopyRead
Microsoft Windows - MsiAdvertiseProduct Arbitrary File CopyRead The bug is in “MsiAdvertiseProduct” Calling this function will result in a file copy by the installer service. This will copy an arbitrary file that we can control with the first parameter into c:\windows\installer … a check gets don...
Base64 Decoder 1.1.2 - Local Buffer Overflow (SEH)
Base64 Decoder 1.1.2 - Local Buffer Overflow SEH !/usr/bin/env python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Base64 Decoder 1.1.2 - Local Buffer Overflow SEH Date: 12-20-18 Vulnerable Software: Base64 Decoder 1.1.2 Vendor Homepage: http://4mhz.de/b64dec.html Version: 1.1.2 Software...
LanSpy 2.0.1.159 - Buffer Overflow (SEH) (Egghunter)
LanSpy 2.0.1.159 - Buffer Overflow SEH Egghunter...
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution
XMPlay 3.8.3 - .m3u Local Stack Overflow Code Execution !/usr/bin/env python -- coding: utf-8 -- Exploit Title: XMPlay 3.8.3 - '.m3u' Code Execution PoC Date: 2018-12-19 Exploit Author: s7acktrac3 Vendor Homepage: https://www.xmplay.com/ Software Link:...
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution (Metasploit)
Rukovoditel Project Management CRM 2.3.1 - Remote Code Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class MetasploitModule 'Rukovoditel Project Management/CRM...
IBM Operational Decision Manager 8.x - XML External Entity Injection
IBM Operational Decision Manager 8.x - XML External Entity Injection Exploit Title: XML External Entity Injection XXE Date: 2018-12-18 Exploit Author: Mohamed M.Fouad - From SecureMisr Company Vendor Homepage: https://www-01.ibm.com/support/docview.wss?uid=ibm10744149 Version: v8.6 - v8.7 - v8.8 ...
LanSpy 2.0.1.159 - Local Buffer Overflow
LanSpy 2.0.1.159 - Local Buffer Overflow !/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: LanSpy 2.0.1.159 - Local Buffer Overflow RCEPoC Date: 2018-12-16 Author: Juan Prescotto Tested...
PassFab RAR 9.3.2 - Buffer Overflow (SEH)
PassFab RAR 9.3.2 - Buffer Overflow SEH Exploit Title: PassFab RAR Password Recovery SEH Local Exploit Date: 16-12-2018 Vendor Homepage:https://www.passfab.com/products/rar-password-recovery.html Software Link: https://www.passfab.com/downloads/passfab-rar-password-recovery.exe Exploit Author:...
Integria IMS 5.0.83 - Cross-Site Request Forgery
Integria IMS 5.0.83 - Cross-Site Request Forgery Exploit Title: Integria IMS 5.0.83 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-12-19 Google Dork: N/A Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected Versio...
Yeswiki Cercopitheque - id SQL Injection
Yeswiki Cercopitheque - id SQL Injection Exploit Title: SQL Injection in Yeswiki Cercopitheque Date: 02/07/2018 Exploit Author: Mickael BROUTY @ark1nar - FIDENS Vendor Homepage: https://yeswiki.net Software Link: https://repository.yeswiki.net/cercopitheque/yeswiki-cercopitheque-2018-12-07-1.zip...
PDF Explorer 1.5.66.2 - Buffer Overflow (SEH)
PDF Explorer 1.5.66.2 - Buffer Overflow SEH Exploit Title: PDF Explorer SEH Local Exploit Original Discovery:Gionathan "John" Reale DoS exploit Exploit Author: Achilles Date: 18-12-2018 Vendor Homepage: http://www.rttsoftware.com/ Software Link:...
Bolt CMS 3.6.2 - Cross-Site Scripting
Bolt CMS 3.6.2 - Cross-Site Scripting Exploit Title: Bolt CMS https://github.com/rdincel1/Bolt-CMS-3.6.2---Cross-Site-Scripting/raw/master/bolt-v3.6.2.zip Affected Version: alert"Raif" Description Bolt CMS 3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of ...
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
Hotel Booking Script 3.4 - Cross-Site Request Forgery Change Admin Password Exploit Title: Admin Account take over Via CSRF Google Dork: N/A Date: 17-12-2018 Exploit Author: Sainadh Jamalpur Vendor Homepage: https://www.phpjabbers.com/hotel-booking-system/ Software Link:...
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure
Linux Kernel 4.4 - rtnetlink Stack Memory Disclosure / Briefs - CVE-2016-4486 was discovered and reported by Kangjie Lu. - This is a local exploit against CVE-2016-4486. Tested version - Distro : Ubuntu 16.04 - Kernel version : 4.4.0-21-generic - Arch : x86_64 Prerequisites - None Goal - Leak...
Integria IMS 5.0.83 - search_string Cross-Site Scripting
Integria IMS 5.0.83 - searchstring Cross-Site Scripting Exploit Title: Integria IMS 5.0.83 - Cross-Site Scripting Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-12-18 Google Dork: N/A Vendor: Artica ST Software Link: https://github.com/articaST/integriaims Affected...
MiniShare 1.4.1 - HEADPOST Remote Buffer Overflow
MiniShare 1.4.1 - HEADPOST Remote Buffer Overflow Not only the GET method is vulnerable to BOF CVE-2004-2271. HEAD and POST methods are also vulnerable. The difference is minimal, both are exploited in the same way. Only 1 byte difference: GET = 3, HEAD and POST = 4 length...
SDL Web Content Manager 8.5.0 - XML External Entity Injection
SDL Web Content Manager 8.5.0 - XML External Entity Injection Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Company : Canon Security Date : 25/11/2018 Software Information Affected Software : SDL Web Content Manager Version: Build 8.5.0 Vendor: SDL Tridion Software websi...
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service
Exel Password Recovery 8.2.0.0 - Local Buffer Overflow Denial of Service Exploit Title: Excel Password Recovery Professional Date: 15-12-2018 Vendor Homepage:https://www.recoverlostpassword.com/ Software Link :https://www.recoverlostpassword.com/downloads/excelpasswordrecoveryprotrial.exe Exploit...
AnyBurn 4.3 - Local Buffer Overflow (PoC)
AnyBurn 4.3 - Local Buffer Overflow PoC Exploit Title: AnyBurn Date: 15-12-2018 Vendor Homepage: http://www.anyburn.com/ Software Link : http://www.anyburn.com/anyburnsetup.exe Exploit Author: Achilles Tested Version: 4.3 32-bit Tested on: Windows 7 x64 Vulnerability Type: Denial of Service DoS...
MegaPing - Local Buffer Overflow Denial of Service
MegaPing - Local Buffer Overflow Denial of Service Exploit Title: MegaPing Date: 15-12-2018 Vendor Homepage: http://www.magnetosoft.com/ Software Link: http://www.magnetosoft.com/downloads/win32/megapingsetup.exe Exploit Author: Achilles Tested Version: Tested on: Windows 7 x64 Vulnerability Type...
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow
Nsauditor 3.0.28.0 - Local SEH Buffer Overflow Exploit Title: Nsauditor Local SEH Buffer Overflow Date: 15-12-2018 Vendor Homepage:http://www.nsauditor.com Software Link: http://www.nsauditor.com/downloads/nsauditorsetup.exe Exploit Author: Achilles Tested Version: 3.0.28.0 Tested on: Windows XP...
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write
Microsoft Windows - jscript!JsArrayFunctionHeapSort Out-of-Bounds Write function f0 function f1 f2.prototype = arguments; new f2; function f2 Array.prototype.sort.callthis, f0; f11, 2, 3; !-- ========================================================= Details: JsArrayFunctionHeapSort is called when...
192.168.3.174
A remote administration tool (a RAT) is a piece of software that allows a remote "operator" to control a system as if he has physical access to that system. While desktop sharing and remote administration have many legal uses, "RAT" software is usually associated with criminal or malicious activity...
Google Chrome 70 - SQLite Magellan Crash (PoC)
Google Chrome 70 - SQLite Magellan Crash PoC This proof-of-concept crashes the Chrome renderer process using Tencent Blade Team's Magellan SQLite3 bug. It's based on a SQLite test case from the commit that fixed the bug. If you're using Chrome 70 or below, tap the button below to crash this page:...
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read
phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read !/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat =...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure (2)
Fortify Software Security Center SSC 17.10/17.20/18.10 - Information Disclosure 2 Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7691 CVE: CVE-2018-7691...
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution
Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - Remote Code Execution Dork: N/A Date: 2018-12-14 Exploit Author: Ihsan Sencan Vendor Homepage:...
Fortify Software Security Center (SSC) 17.10/17.20/18.10 - Information Disclosure
Fortify Software Security Center SSC 17.10/17.20/18.10 - Information Disclosure Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-7690 CVE: CVE-2018-7690 CVSS...
Huawei Router HG532e - Command Execution
Huawei Router HG532e - Command Execution !/bin/python ''' Author : Rebellion Github : @rebe11ion Twitter : @rebellion ''' import urllib2,requests,os,sys from requests.auth import HTTPDigestAuth DEFAULTHEADERS = "User-Agent": "Mozilla", DEFAULTTIMEOUT = 5 def fetchurlurl: global DEFAULTHEADERS,...
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery Change Admin Password Exploit Title: Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery Date: 2018-12-13 Exploit Author: Veyselxan Vendor Homepage:...
UltraISO 9.7.1.3519 - Output FileName Denial of Service (PoC)
UltraISO 9.7.1.3519 - Output FileName Denial of Service PoC Exploit Title: UltraISO 9.7.1.3519 - 'Output FileName' Denial of Service PoC and Pointer to next SEH and SE handler records overwrite Discovery by: Francisco Ramirez Discovery Date: 2018-12-14 Vendor Homepage: https://www.ultraiso.com/...
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection
Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Exploit Title: Facebook And Google Reviews System For Businesses 1.1 - SQL Injection Dork: N/A Date: 2018-12-14 Exploit Author: Ihsan Sencan Vendor Homepage:...
Responsive FileManager 9.13.4 - Multiple Vulnerabilities
Responsive FileManager 9.13.4 - Multiple Vulnerabilities Responsive FileManager 9.13.4 - Multiple Vulnerabilities Date: December 12, 2018 Author: farisv Vendor Homepage: https://www.responsivefilemanager.com/ Vulnerable Package Link:...
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow (SEH)
Zortam MP3 Media Studio 24.15 - Local Buffer Overflow SEH Exploit Title: Zortam MP3 Media Studio Version 24.15 Exploit SEH Version: 24.15 Exploit Author: Manpreet Singh Kheberi Date: December 13 2018 Download Link: https://www.zortam.com/download.html Vendor Homepage: https://www.zortam.com Teste...
Angry IP Scanner 3.5.3 - Denial of Service (PoC)
Angry IP Scanner 3.5.3 - Denial of Service PoC !/usr/bin/python -- coding: cp1252 -- Exploit Title: Angry IP Scanner 3.5.3 Denial of Service PoC Author: Fernando Cruz Date: 13/12/2018 Vendor Homepage: https://angryip.org Tested Version: 3.11 Tested on Windows 10 Pro, 64-bit Steps to Produce the...
Double Your Bitcoin Script Automatic - Authentication Bypass
Double Your Bitcoin Script Automatic - Authentication Bypass Exploit Title: Double Your Bitcoin Script Automatic 2018 for $50 - Authentication Bypass Date: 2018-12-08 Exploit Author: Veyselxan Vendor Homepage: https://codeclerks.com/php-programming/1007/Double-Your-Bitcoin-Script-Automatic-2018...
Cisco RV110W - Password Disclosure Command Execution
Cisco RV110W - Password Disclosure Command Execution !/usr/bin/env python2 Cisco RV110W Password Disclosure and OS Command Execute. Tested on version: 1.1.0.9 maybe useable on 1.2.0.9 and later. Exploit Title: Cisco RV110W Password Disclosure and OS Command Execute Date: 2018-08 Exploit Author:...
Linux - userfaultfd Bypasses tmpfs File Permissions
Linux - userfaultfd Bypasses tmpfs File Permissions Using the userfaultfd API, it is possible to first register a userfaultfd region for any VMA that fulfills vmacanuserfault: It must be an anonymous VMA -vmops==NULL, a hugetlb VMA VMHUGETLB, or a shmem VMA -vmops==shmemvmops. This means that it...
WebKit JIT - Int32Double Arrays can have Proxy Objects in the Prototype Chains
WebKit JIT - Int32Double Arrays can have Proxy Objects in the Prototype Chains didBecomePrototype; if structurevm-hasMonoProto DeferredStructureTransitionWatchpointFire deferredvm, structurevm; Structure newStructure = Structure::changePrototypeTransitionvm, structurevm, prototype, deferred;...
phpBB 3.2.3 - Remote Code Execution
phpBB 3.2.3 - Remote Code Execution // All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var pluploadsalt = ''; var formtoken = ''; var creationtime = ''; var filepath = 'phar://./../files/plupload/$saltaaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5'evil.zip' =...
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution
ThinkPHP 5.0.23/5.1.31 - Remote Code Execution Exploit Title: ThinkPHP 5.x v5.0.23,v5.1.31 Remote Code Execution Date: 2018-12-11 Exploit Author: VulnSpy Vendor Homepage: https://thinkphp.cn Software Link: https://github.com/top-think/framework/ Version: v5.x below v5.0.23,v5.1.31 CVE: N/A Exploit...
DomainMOD 4.11.01 - Cross-Site Scripting
DomainMOD 4.11.01 - Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to v4.11.01 C...