DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow
DVD Photo Slideshow Professional 8.07 - Name Buffer Overflow Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps t...
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting
Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Exploit Title: Vanilla Forums 2.6.3 - Persistent Cross-Site Scripting Google Dork: N/A Date: 2020-02-10 Exploit Author: Sayak Naskar Vendor Homepage: https://vanillaforums.com/en/ Version: 2.6.3 Tested on: Windows, Linux CVE : CVE-2020-8825 A...
FreeSSHd 1.3.1 - FreeSSHDService Unquoted Service Path
FreeSSHd 1.3.1 - FreeSSHDService Unquoted Service Path Exploit Title: FreeSSHd 1.3.1 - 'FreeSSHDService' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeSSHd.exe Version: 1.3.1 Tested On: Windows 10...
Wedding Slideshow Studio 1.36 - Name Buffer Overflow
Wedding Slideshow Studio 1.36 - Name Buffer Overflow Exploit Title: Wedding Slideshow Studio 1.36 - 'Name' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.wedding-slideshow-studio.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to...
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting
CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Exploit Title: CHIYU BF430 TCP IP Converter - Stored Cross-Site Scripting Google Dork: In Shodan search engine, the filter is "CHIYU" Date: 2020-02-11 Exploit Author: Luca.Chiou Vendor Homepage: https://www.chiyu-t.com.tw/en/ Version: BF4...
freeFTPd v1.0.13 - freeFTPdService Unquoted Service Path
freeFTPd v1.0.13 - freeFTPdService Unquoted Service Path Exploit Title: freeFTPd v1.0.13 - 'freeFTPdService' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.freesshd.com Software Link: http://www.freesshd.com/freeFTPd.exe Version: 1.0.13 Tested On: Windows ...
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path
Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Exploit Title: Disk Savvy Enterprise 12.3.18 - Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.disksavvy.com Software Link: http://www.disksavvy.com/setups/disksavvyentsetupv12.3.18.exe Version: 12.3.18...
Disk Sorter Enterprise 12.4.16 - Disk Sorter Enterprise Unquoted Service Path
Disk Sorter Enterprise 12.4.16 - Disk Sorter Enterprise Unquoted Service Path Exploit Title: Disk Sorter Enterprise 12.4.16 - 'Disk Sorter Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.disksorter.com Software Link:...
Torrent iPod Video Converter 1.51 - Stack Overflow
Torrent iPod Video Converter 1.51 - Stack Overflow Exploit Title: Torrent iPod Video Converter 1.51 - Stack Overflow Exploit Author: boku Date: 2020-02-10 Software Vendor: torrentrockyou Vendor Homepage: http://www.torrentrockyou.com Software Link:...
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution
OpenSMTPD 6.4.0 6.6.1 - Local Privilege Escalation + Remote Code Execution Exploit Title: OpenSMTPD 6.6.1 - Local Privilege Escalation Date: 2020-02-02 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.opensmtpd.org/ Version: OpenSMTPD 6.4.0 - 6.6.1 Tested on: OpenBSD 6.6, Debian GNU/Linu...
DVD Photo Slideshow Professional 8.07 - Key Buffer Overflow
DVD Photo Slideshow Professional 8.07 - Key Buffer Overflow Exploit Title: DVD Photo Slideshow Professional 8.07 - 'Key' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-10 Vendor Homepage : http://www.picture-on-tv.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to...
Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path
Sync Breeze Enterprise 12.4.18 - Sync Breeze Enterprise Unquoted Service Path Exploit Title: Sync Breeze Enterprise 12.4.18 - 'Sync Breeze Enterprise' Unquoted Service Path Exploit Author: boku Date: 2020-02-10 Vendor Homepage: http://www.syncbreeze.com Software Link:...
Dota 2 7.23f - Denial of Service (PoC)
Dota 2 7.23f - Denial of Service PoC Exploit Title: Dota 2 7.23f - Denial of Service PoC Google Dork: N/A Date: 2020-02-05 Exploit Author: Bogdan Kurinnoy bi7s Vendor Homepage: https://www.valvesoftware.com/en/ Software Link: N/A Version: 7.23f Tested on: Windows 10 x64 CVE :...
Wedding Slideshow Studio 1.36 - Key Buffer Overflow
Wedding Slideshow Studio 1.36 - Key Buffer Overflow Exploit Title: Wedding Slideshow Studio 1.36 - 'Key' Buffer Overflow Exploit Author : ZwX Exploit Date: 2020-02-09 Vendor Homepage : http://www.wedding-slideshow-studio.com/ Tested on OS: Windows 10 v1803 Social: twitter.com/ZwX2a Steps to...
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand()
iOS/macOS - Out-of-Bounds Timestamp Write in IOAccelCommandQueue2::processSegmentKernelCommand While investigating possible shared memory issues in AGXCommandQueue::processSegmentKernelCommand, I noticed that the size checks used to parse the IOAccelKernelCommand in...
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting
LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Exploit Title: LearnDash WordPress LMS Plugin 3.1.2 - Reflective Cross-Site Scripting Date: 2020-01-14 Vendor Homepage: https://www.learndash.com Vendor Changelog: https://learndash.releasenotes.io/release/uCskc-version-312...
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting
Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Title: Forcepoint WebSecurity 8.5 - Reflective Cross-Site Scripting Exploit Author: Prasenjit Kanti Paul Vendor Homepage: https://www.forcepoint.com/ Software Link: https://www.forcepoint.com/product/cloud-security/web-security...
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init
usersctp - Out-of-Bounds Reads in sctp_load_addresses_from_init usersctp is an SCTP library used by a variety of software including WebRTC. There is a vulnerability in the sctp_load_addresses_from_init function of usersctp that can lead to a number of out-of-bound reads. The input to...
EyesOfNetwork 5.3 - Remote Code Execution
EyesOfNetwork 5.3 - Remote Code Execution Exploit Title: EyesOfNetwork 5.3 - Remote Code Execution Date: 2020-02-01 Exploit Author: Clément Billac Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 CVE :...
Google Invisible RECAPTCHA 3 - Spoof Bypass
Google Invisible RECAPTCHA 3 - Spoof Bypass Exploit Title: Google Invisible RECAPTCHA 3 - Spoof Bypass Date: 2020-02-07 Vendor Homepage: https://developers.google.com/recaptcha/docs/invisible Exploit Git Repo: https://github.com/matamorphosis/Browser-Exploits/tree/master/RECAPTCHABypass Exploit...
QuickDate 1.3.2 - SQL Injection
QuickDate 1.3.2 - SQL Injection Exploit Title: QuickDate 1.3.2 - SQL Injection Dork: N/A Date: 2020-02-07 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickdatescript.com/ Version: 1.3.2 Tested on: Linux CVE: N/A POC: 1 POST /findmatches HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0...
PackWeb Formap E-learning 1.0 - NumCours SQL Injection
PackWeb Formap E-learning 1.0 - NumCours SQL Injection Exploit Title: PackWeb Formap E-learning 1.0 - 'NumCours' SQL Injection Google Dork: intitle: "PackWeb Formap E-learning" Date: 2020-02-07 Exploit Author: Amel BOUZIANE-LEBLOND Vendor Homepage: https://www.ediser.com/ Software Link:...
ExpertGPS 6.38 - XML External Entity Injection
ExpertGPS 6.38 - XML External Entity Injection + Exploit Title: ExpertGPS 6.38 - XML External Entity Injection + Date: 2019-12-07 + Exploit Author: Trent Gordon + Vendor Homepage: https://www.topografix.com/ + Software Link: http://download.expertgps.com/SetupExpertGPS.exe + Disclosed at: 7FEB202...
TapinRadio 2.12.3 - address Denial of Service (PoC)
TapinRadio 2.12.3 - address Denial of Service PoC Exploit Title: TapinRadio 2.12.3 - 'address' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link :...
Online Job Portal 1.0 - user_email SQL Injection
Online Job Portal 1.0 - user_email SQL Injection Exploit Title: Online Job Portal 1.0 - 'user_email' SQL Injection Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
AbsoluteTelnet 11.12 - license name Denial of Service (PoC)
AbsoluteTelnet 11.12 - license name Denial of Service PoC Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link :...
AbsoluteTelnet 11.12 - SSH2/username Denial of Service (PoC)
AbsoluteTelnet 11.12 - SSH2/username Denial of Service PoC Exploit Title: AbsoluteTelnet 11.12 - 'SSH2/username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link :...
Cisco Data Center Network Manager 11.2 - Remote Code Execution
Cisco Data Center Network Manager 11.2 - Remote Code Execution #!/usr/bin/python """ Cisco Data Center Network Manager SanWS importTS Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date: 18-Jun-2019 -...
Sudo 1.8.25p - pwfeedback Buffer Overflow
Sudo 1.8.25p - pwfeedback Buffer Overflow #!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag =...
TapinRadio 2.12.3 - username Denial of Service (PoC)
TapinRadio 2.12.3 - username Denial of Service PoC Exploit Title: TapinRadio 2.12.3 - 'username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link :...
RarmaRadio 2.72.4 - server Denial of Service (PoC)
RarmaRadio 2.72.4 - server Denial of Service PoC Exploit Title: RarmaRadio 2.72.4 - 'server' Denial of Service PoC Discovery by: chuyreds Discovery Date: 05-02-2020 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.exe...
VIM 8.2 - Denial of Service (PoC)
VIM 8.2 - Denial of Service PoC Exploit Title: VIM 8.2 - Denial of Service PoC Date: 2019-12-17 Vulnerability: DoS Vulnerability Discovery: Dhiraj Mishra Vulnerable Version: VIM - Vi IMproved 8.2 Included patches: 1-131 Vendor Homepage: https://www.vim.org/ References:...
Cisco Data Center Network Manager 11.2.1 - getVmHostData SQL Injection
Cisco Data Center Network Manager 11.2.1 - getVmHostData SQL Injection #!/usr/bin/python """ Cisco Data Center Network Manager HostEnclHandler getVmHostData SQL Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 Installer for Windows 64-bit - Release: 11.21 - Release Date:...
Online Job Portal 1.0 - Cross Site Request Forgery (Add User)
Online Job Portal 1.0 - Cross Site Request Forgery Add User Exploit Title: Online Job Portal 1.0 - Cross Site Request Forgery Add User Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
AbsoluteTelnet 11.12 - _license name_ Denial of Service (PoC)
AbsoluteTelnet 11.12 - license name Denial of Service PoC Exploit Title: AbsoluteTelnet 11.12 - "license name" Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: https://www.celestialsoftware.net/ Software Link :...
Cisco Data Center Network Manager 11.2.1 - LanFabricImpl Command Injection
Cisco Data Center Network Manager 11.2.1 - LanFabricImpl Command Injection #!/usr/bin/python """ Cisco Data Center Network Manager LanFabricImpl createLanFabric Command Injection Remote Code Execution Vulnerability Tested on: Cisco DCNM 11.2.1 ISO Virtual Appliance for VMWare, KVM and Bare-metal...
ELAN Smart-Pad 11.10.15.1 - ETDService Unquoted Service Path
ELAN Smart-Pad 11.10.15.1 - ETDService Unquoted Service Path Exploit Title: ELAN Smart-Pad 11.10.15.1 - 'ETDService' Unquoted Service Path Exploit Author : ZwX Exploit Date: 2020-02-05 Vendor : ELAN Microelectronics Vendor Homepage : http://www.emc.com.tw/ Tested on OS: Windows 10 v1803 Analyze P...
Ecommerce Systempay 1.0 - Production KEY Brute Force
Ecommerce Systempay 1.0 - Production KEY Brute Force Exploit Title: Ecommerce Systempay 1.0 - Production KEY Brute Force Author: live3 Date: 2020-02-05 Vendor Homepage: https://paiement.systempay.fr/doc/fr-FR/ Software Link: https://paiement.systempay.fr/doc/fr-FR/module-de-paiement-gratuit/ Test...
Online Job Portal 1.0 - Remote Code Execution
Online Job Portal 1.0 - Remote Code Execution Exploit Title: Online Job Portal 1.0 - Remote Code Execution Dork: N/A Date: 2020-02-06 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/13850/online-job-portal-phppdo.html Software Link:...
RarmaRadio 2.72.4 - username Denial of Service (PoC)
RarmaRadio 2.72.4 - username Denial of Service PoC Exploit Title: RarmaRadio 2.72.4 - 'username' Denial of Service PoC Discovery by: chuyreds Discovery Date: 2020-02-05 Vendor Homepage: http://www.raimersoft.com/rarmaradio.html Software Link : http://www.raimersoft.com/downloads/rarmaradiosetup.e...
Socat 1.7.3.4 - Heap-Based Overflow (PoC)
Socat 1.7.3.4 - Heap-Based Overflow PoC Exploit Title: Socat 1.7.3.4 - Heap Based Overflow PoC Date: 2020-02-03 Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: http://www.dest-unreach.org/ Software Link: http://www.dest-unreach.org/socat/ Version: 1.7.3.4 Tested on: Ubuntu 16.04.6...
AVideo Platform 8.1 - Cross Site Request Forgery (Password Reset)
AVideo Platform 8.1 - Cross Site Request Forgery Password Reset Exploit Title: AVideo Platform 8.1 - Cross Site Request Forgery Password Reset Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC Discovery Date: 2019-01-31 Exploit Author: Nolan B. Kennedy nxkennedy Vendor Homepage: https://www.verodin.com/...
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account
HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Exploit Title: HiSilicon DVR/NVR hi3520d firmware - Remote Backdoor Account Dork: N/A Date: 2020-02-03 Exploit Author: Snawoot Vendor Homepage: http://www.hisilicon.com Product Link: http://www.hisilicon.com/en/Products Version: hi3520d...
xglance-bin 11.00 - Privilege Escalation
xglance-bin 11.00 - Privilege Escalation Exploit Title: xglance-bin 11.00 - Privilege Escalation Exploit Author: Robert Jaroszuk and Marco Ortisi RedTimmy Security Date: 2020-02-01 Tested on: RHEL 5.x/6.x/7.x/8.x CVE: CVE-2014-2630 Disclaimer: This exploit is for educational purpose only More...
Wago PFC200 - Authenticated Remote Code Execution (Metasploit)
Wago PFC200 - Authenticated Remote Code Execution Metasploit Exploit Title: Wago PFC200 - Authenticated Remote Code Execution Metasploit Date: 2020-02-05 Exploit Author: Nico Jansen 0x483d Vendor Homepage: https://www.wago.com/ Version: 'Wago PFC200 authenticated remote code execution',...
AVideo Platform 8.1 - Information Disclosure (User Enumeration)
AVideo Platform 8.1 - Information Disclosure User Enumeration Exploit Title: AVideo Platform 8.1 - Information Disclosure User Enumeration Dork: N/A Date: 2020-02-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://avideo.com Software Link: https://github.com/WWBN/AVideo Version: 8.1 Tested...
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation
Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Exploit Title: Kronos WebTA 4.0 - Authenticated Remote Privilege Escalation Discovered by: Elwood Buck & Nolan B. Kennedy of Mindpoint Group Exploit Author: Nolan B. Kennedy nxkennedy Discovery date: 2019-09-20 Vendor Homepage:...
Centreon 19.10.5 - Pollers Remote Command Execution (Metasploit)
Centreon 19.10.5 - Pollers Remote Command Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Centreon Poller Authenticated Remote Command Execution', 'Description' = %q TODO ,...
F-Secure Internet Gatekeeper 5.40 - Heap Overflow (PoC)
F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Title: F-Secure Internet Gatekeeper 5.40 - Heap Overflow PoC Date: 2020-01-30 Author: Kevin Joensen Vendor: F-Secure Software: https://www.f-secure.com/en/business/downloads/internet-gatekeeper CVE: N/A Reference:...