41207 matches found
Tourism Website Blog - Remote Code Execution SQL Injection
Tourism Website Blog - Remote Code Execution SQL Injection Exploit Title: Tourism Website Blog - Remote Code Execution / SQL Injection Dork: N/A Date: 2018-12-06 Exploit Author: Ihsan Sencan Vendor Homepage:...
ZTE ZXHN H168N - Improper Access Restrictions
ZTE ZXHN H168N - Improper Access Restrictions POC: CVE-2018-7357 and CVE-2018-7358 Disclaimer: This POC is for Educational Purposes , I would Not be responsible for any misuse of the information mentioned in this blog post + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Protocol: UPn...
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation
McAfee True Key - McAfee.TrueKey.Service Privilege Escalation McAfee True Key: Multiple Issues with McAfee.TrueKey.Service Implementation Platform: Version 5.1.173.1 on Windows 10 1809. Class: Elevation of Privilege Summary: There are multiple issues in the implementation of the...
Adobe ColdFusion 2018 - Arbitrary File Upload
Adobe ColdFusion 2018 - Arbitrary File Upload Exploit Title: Unrestricted file upload in Adobe ColdFusion 2018 Google Dork: ext:cfm Date: 10-12-2018 Exploit Author: Pete Freitag of Foundeo Reversed: Vahagn vah13 Vardanian Vendor Homepage: adobe.com Version: 2018 Tested on: Adobe ColdFusion 2018 C...
Apache OFBiz 16.11.05 - Cross-Site Scripting
Apache OFBiz 16.11.05 - Cross-Site Scripting Exploit Title: Apache OFBiz v16.11.05 - Stored Cross-Site Scripting Vulnerability Google Dork: N/A Date: 09 - December - 2018 Exploit Author: DKM Vendor Homepage: https://ofbiz.apache.org/ Software Link:...
GNU inetutils 1.9.4 - telnet.c Multiple Overflows (PoC)
GNU inetutils 1.9.4 - telnet.c Multiple Overflows PoC GNU inetutils = 1.9.4 telnet.c multiple overflows GNU inetutils is vulnerable to a stack overflow vulnerability in the client-side environment variable handling which can be exploited to escap...
HotelDruid 2.3.0 - id_utente_mod SQL Injection
HotelDruid 2.3.0 - idutentemod SQL Injection Exploit Title: SQL Injection in HotelDruid version 2.3 Google Dork: N/A Date: 9-12-2018 Exploit Author: Sainadh Jamalpur Vendor Homepage: http://www.hoteldruid.com Software Link: https://sourceforge.net/projects/hoteldruid/ Version: 2.3 REQUIRED Tested...
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection
XNU - POSIX Shared Memory Mappings have Incorrect Maximum Protection When the mmap syscall is invoked on a POSIX shared memory segment DTYPEPSXSHM, pshmmmap maps the shared memory segment's pages into the address space of the calling process. It does this with the following code: int prot =...
PrestaShop 1.6.x1.7.x - Remote Code Execution
PrestaShop 1.6.x1.7.x - Remote Code Execution ?php / PrestaShop 1.6.x = 1.6.1.23 & 1.7.x = 1.7.4.4 - Back Office Remote Code Execution See https://github.com/farisv/PrestaShop-CVE-2018-19126 for explanation. Chaining multiple vulnerabilities to trigger deserialization via phar. Date: December 1st...
TP-Link wireless router Archer C1200 - Cross-Site Scripting
TP-Link wireless router Archer C1200 - Cross-Site Scripting + Unauthenticated + Author: Usman Saeed usman at xc0re.net + Affected Version: Firmware version: 1.13 Build 2018/01/24 rel.52299 EU · Impact: Client side attacks are very common and are the source of maximum number of user compromises...
SmartFTP Client 9.0.2623.0 - Denial of Service (PoC)
SmartFTP Client 9.0.2623.0 - Denial of Service PoC -- coding: utf-8 -- Exploit Title: SmartFTP 9.0 Build 2623 - Denial of Service PoC Date: 06/12/2018 Exploit Author: Alejandra Sánchez Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/get/SFTPMSI64.exe...
Alumni Tracer SMS Notification - SQL Injection Cross-Site Request Forgery
Alumni Tracer SMS Notification - SQL Injection Cross-Site Request Forgery Exploit Title: Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery Add/Update Admin Dork: N/A Date: 2018-12-06 Exploit Author: Ihsan Sencan Vendor Homepage:...
LanSpy 2.0.1.159 - Local Buffer Overflow (PoC)
LanSpy 2.0.1.159 - Local Buffer Overflow PoC Exploit Title: LanSpy 2.0.1.159 - Local BoF PoC Author: Gionathan "John" Reale Discovery Date: 2018-12-07 Homepage: https://lizardsystems.com Software Link: https://lizardsystems.com/download/lanspysetup.exe Tested Version: 2.0.1.159 Tested on OS: Windo...
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion
PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Exploit Author: bzyo CVE: CVE-2018-19936 Twitter: @bzyo Exploit Title: PrinterOn Enterprise 4.1.4 - Arbitrary File Deletion Date: 12-07-18 Vulnerable Software: PrinterOn Enterprise 4.1.4 Vendor Homepage: https://www.printeron.com/ Version: 4.1....
Huawei B315s-22 - Information Leak
Huawei B315s-22 - Information Leak Product Family: LTE Model B315s – 22 Firmware version: 21.318.01.00.26 Author: Usman Saeed usman at xc0re.net 1. Unauthenticated access to sensitive files: It was observed that the web application running on the router, allows unauthenticated access to sensitive...
WordPress Plugin AutoSuggest 0.24 - wpas_keys SQL Injection
WordPress Plugin AutoSuggest 0.24 - wpaskeys SQL Injection Exploit Title: WP AutoSuggest 0.24 - SQL Injection Date: 01-12-2018 Software Link: https://wordpress.org/plugins/wp-autosuggest/ Exploit Author: Kaimi Website: https://kaimi.io Version: 0.24 Category: webapps SQL Injection File:...
Kubernetes - (Unauthenticated) Arbitrary Requests
Kubernetes - Unauthenticated Arbitrary Requests !/usr/bin/env python3 import argparse from ssl import wrapsocket from json import loads, dumps from socket import createconnection def requeststage1base, version, target: stage1 = "" with open'ustage1', 'r' as stage1fd: stage1 = stage1fd.read return...
Kubernetes - (Authenticated) Arbitrary Requests
Kubernetes - Authenticated Arbitrary Requests !/usr/bin/env python3 import argparse from ssl import wrapsocket from socket import createconnection from secrets import base64, tokenbytes def requeststage1namespace, pod, method, target, token: stage1 = "" with open'stage1', 'r' as stage1fd: stage1 ...
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting
Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Exploit Title: Adiscon LogAnalyzer 4.1.7 - Cross-Site Scripting Date: 2018-12-05 Software Link: https://loganalyzer.adiscon.com/ https://github.com/rsyslog/loganalyzer Exploit Author: Gustavo Sorondo Contact: http://twitter.com/iampuky Website:...
Textpad 8.1.2 - Denial Of Service (PoC)
Textpad 8.1.2 - Denial Of Service PoC Exploit Title: Textpad 8.1.2 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-12-06 Homepage: https://textpad.com Software Link: https://www.textpad.com/download/v81/win32/txpeng812-32.zip Tested Version: 8.1.2 Tested on OS: Windows ...
i-doit CMDB 1.11.2 - Remote Code Execution
i-doit CMDB 1.11.2 - Remote Code Execution Exploit Title: i-doit CMDB 1.11.2 - Remote Code Execution Date: 2018-12-05 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.i-doit.org/ Software Link: https://www.i-doit.org/i-doit-open-1-11-2/ Versio...
DomainMOD 4.11.01 - DisplayName Cross-Site Scripting
DomainMOD 4.11.01 - DisplayName Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version: v4.09.03 t...
HasanMWB 1.0 - SQL Injection
HasanMWB 1.0 - SQL Injection Exploit Title: HasanMWB 1.0 - SQL Injection Dork: N/A Date: 2018-12-05 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/hasanmwb/ Software Link: https://netcologne.dl.sourceforge.net/project/hasanmwb/HasanMWB-v1.zip Version: 1.0 Category:...
Wireshark - cdma2k_message_ACTIVE_SET_RECORD_FIELDS Stack Corruption
Wireshark - cdma2kmessageACTIVESETRECORDFIELDS Stack Corruption The following crash due to a stack-based out-of-bounds memory access can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": Attached are three files...
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom Domain Fields Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version:...
Wireshark - find_signature Heap Out-of-Bounds Read
Wireshark - findsignature Heap Out-of-Bounds Read The following crash due to a heap-based out-of-bounds read can be observed in an ASAN build of Wireshark current git master, by feeding a malformed file to tshark "$ ./tshark -nVxr /path/to/file": --- cut --- ==35788==ERROR: AddressSanitizer:...
Microsoft Lync for Mac 2011 - Injection Forced BrowsingDownload
Microsoft Lync for Mac 2011 - Injection Forced BrowsingDownload Exploit Title: Microsoft Lync for Mac 2011 Injection Forced Browsing/Download Author: @nyxgeek - TrustedSec Date: 2018-03-20 Vendor Homepage: microsoft.com Software Link: https://www.microsoft.com/en-us/download/details.aspx?id=36517...
KeyBase Botnet 1.5 - SQL Injection
KeyBase Botnet 1.5 - SQL Injection Exploit Title: KeyBase Botnet v1.5 - SQL Injection Vulnerability Google Dork: intitle:"KeyBase: Login" + intext:" Login to get access to your logs " Date: 3/12/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: unkn0wn Version: v1.5 Tested on:...
Dolibarr ERPCRM 8.0.3 - Cross-Site Scripting
Dolibarr ERPCRM 8.0.3 - Cross-Site Scripting Exploit Title: Dolibarr ERP/CRM = 8.0.3 - Cross-Site Scripting CVE: CVE-2018-19799 Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://dolibarr.org Software Link:...
Xorg X11 Server (AIX) - Local Privilege Escalation
Xorg X11 Server AIX - Local Privilege Escalation Exploit Title: AIX Xorg X11 Server - Local Privilege Escalation Date: 29/11/2018 Exploit Author: @0xdono Original Discovery and Exploit: Narendra Shinde Vendor Homepage: https://www.x.org/ Platform: AIX Version: X Window System Version 7.1.1 Filese...
NUUO NVRMini2 3.9.1 - (Authenticated) Command Injection
NUUO NVRMini2 3.9.1 - Authenticated Command Injection Exploit Title: NUUO NVRMini2 Authenticated Command Injection Date: December 3, 2018 Exploit Author: Artem Metla Vendor Homepage: https://www.nuuo.com/ProductNode.php?node=2 Version: 3.9.1 Tested on: NUUO NVRMini2 with firmware 3.9.1 CVE :...
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting
DomainMOD 4.11.01 - Owner name Field Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/domainmod/domainmod Version:...
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting
DomainMOD 4.11.01 - Custom SSL Fields Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version:...
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Authentication Bypass Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Incorrect Access Control Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/...
DomainMOD 4.11.01 - Registrar Cross-Site Scripting
DomainMOD 4.11.01 - Registrar Cross-Site Scripting Exploit Title: DomainMOD 4.11.01 - Cross-Site Scripting Date: 2018-11-22 Exploit Author: Mohammed Abdul Raheem Vendor Homepage: domainmod https://domainmod.org/ Software Link: domainmod https://github.com/DomainMod/DomainMod Version: v4.09.03 to...
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID Clear Text Password Storage
NEC Univerge Sv9100 WebPro - 6.00 - Predictable Session ID Clear Text Password Storage ''' + Credits: hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NEC-UNIVERGE-WEBPRO-v6.00-PREDICTABLE-SESSIONID-CLEARTEXT-PASSWORDS.txt + ISR: ApparitionSec...
FreshRSS 1.11.1 - Cross-Site Scripting
FreshRSS 1.11.1 - Cross-Site Scripting Multiple Cross-Site Scripting Vulnerabilities in FreshRSS 1.11.1 Information -------------------- Advisory by Netsparker Name: Multiple Cross-Site Scripting Vulnerabilities in FreshRSS Affected Software: FreshRSS Affected Versions: 1.11.1 Homepage:...
OpenSSH 7.7 - User Enumeration (2)
OpenSSH 7.7 - User Enumeration 2 !/usr/bin/env python2 CVE-2018-15473 SSH User Enumeration by Leap Security @LeapSecurity https://leapsecurity.io Credits: Matthew Daley, Justin Gardner, Lee David Painter import argparse, logging, paramiko, socket, sys, os class InvalidUsernameException: pass...
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
Mozilla Firefox 63.0.1 - Denial of Service PoC Exploit Title: Mozilla Firefox 63.0.1 - Denial of Service PoC Date: 2018-11-29 Exploit Author: SAIKUMAR CHEBROLU Vendor Homepage: https://www.mozilla.org/en-US/firefox/new/ Bugzilla report: https://bugzilla.mozilla.org/showbug.cgi?id=1504512 Version:...
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution
Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Exploit Title: Fleetco Fleet Maintenance Management 1.2 - Remote Code Execution Date: 2018-11-23 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.fleetco.space Software Link:...
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Title: PHP Server Monitor 3.3.1 - Cross-Site Request Forgery Exploit Author: Javier Olmedo Website: https://www.sidertia.com Date: 2018-11-28 Google Dork: N/A Vendor: https://www.phpservermonitor.org/ Software Link:...
Joomla! Component JE Photo Gallery 1.1 - categoryid SQL Injection
Joomla! Component JE Photo Gallery 1.1 - categoryid SQL Injection Exploit Title: Joomla! Component JE Photo Gallery 1.1 - SQL Injection Dork: N/A Date: 2018-11-26 Exploit Author: Ihsan Sencan Vendor Homepage: https://joomlaextensions.co.in Software Link:...
CyberArk 9.7 - Memory Disclosure
CyberArk 9.7 - Memory Disclosure Exploit Title: CyberArk 9.7 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk @Freakazoidile Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 200...
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Exploit Title: Rockwell Automation Allen-Bradley PowerMonitor 1000 - Cross-Site Scripting Date: 2018-11-27 Exploit Author: Luca.Chiou Vendor Homepage: https://www.rockwellautomation.com/ Version: 1408-EM3A-ENT B Tested on:...
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure
PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Exploit Title: PaloAlto Networks Expedition Migration Tool 1.0.106 - Information Disclosure Date: 2018-11-28 Exploit Author: paragonsec @ Critical Start Vendor Homepage:...
Apache Superset 0.23 - Remote Code Execution
Apache Superset 0.23 - Remote Code Execution Exploit Title: Apache Superset ' sys.exit else: Script arguments supersetIP = sys.argv1 supersetPort = sys.argv2 Verify these URLs match your environment loginURL = 'http://' + supersetIP + ':' + supersetPort + '/login/' uploadURL = 'http://' +...
Budabot 4.0 - Denial of Service (PoC)
Budabot 4.0 - Denial of Service PoC Exploit Title: Budabot 4.0 - Denial of Service PoC Date: 2018-10-15 Exploit Author: Ryan Delaney Author Contact: [email protected] Vendor Homepage: http://budabot.com/ Software Link: http://budabot.com/forum/viewtopic.php?f=8&t=1413 Version: 0.6 - 4.0 Test...
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting Exploit Title: Wordpress Plugins Advanced-custom-fields 5.7.7 - Cross-Site Scripting Google Dork: N/A Date: 2018-12-02 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.advancedcustomfields.com/ Software Link:...
Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass
Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver...
VBScript - rtFilter Out-of-Bounds Read
VBScript - rtFilter Out-of-Bounds Read On Error Resume Next Class class1 Public Default Property Get x ReDim arr1 End Property End Class set c = new class1 arr = Array"b", "b", "a", "a", c Call Filterarr, "a" ...