41207 matches found
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery (Configuration File Disclosure)
TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Exploit Title: TP-Link Archer C50 Wireless Router 171227 - Cross-Site Request Forgery Configuration File Disclosure Date: 2018-11-07 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com...
The Don 1.0.1 - login SQL Injection
The Don 1.0.1 - login SQL Injection Exploit Title: The Don 1.0.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-11 Exploit Author: Ihsan Sencan Vendor Homepage: https://thedon.sourceforge.io/ Software Link: https://netix.dl.sourceforge.net/project/thedon/thedon-1.0b.rar Version: 1.0.1 Category:...
GPS Tracking System 2.12 - username SQL Injection
GPS Tracking System 2.12 - username SQL Injection Exploit Title: GPS Tracking System 2.12 - 'username' SQL Injection Dork: N/A Date: 2018-11-10 Exploit Author: Ihsan Sencan Vendor Homepage: https://sourceforge.net/projects/gpstracking/ Software Link:...
Microsoft Windows 10 (Build 17134) - Local Privilege Escalation (UAC Bypass)
Microsoft Windows 10 Build 17134 - Local Privilege Escalation UAC Bypass include "stdafx.h" include include "resource.h" void DropResourceconst wchart rsrcName, const wchart filePath HMODULE hMod = GetModuleHandleNULL; HRSRC res = FindResourcehMod, MAKEINTRESOURCEIDRDATA1, rsrcName; DWORD dllSize...
PlayJoom 0.10.1 - catid SQL Injection
PlayJoom 0.10.1 - catid SQL Injection Exploit Title: PlayJoom 0.10.1 - 'catid' SQL Injection Dork: N/A Date: 2018-11-07 Exploit Author: Ihsan Sencan Vendor Homepage: http://playjoom.telgo.info/ Software Link:...
OpenSLP 2.0.0 - Multiple Vulnerabilities
OpenSLP 2.0.0 - Multiple Vulnerabilities 2018-11-07 MORE BUGS IN OPENSLP-2.0.0 I discovered some bugs in openslp-2.0.0 back in January, 2018. One of them I disclosed in June...
OpenBiz Cubi Lite 3.0.8 - username SQL Injection
OpenBiz Cubi Lite 3.0.8 - username SQL Injection Exploit Title: OpenBiz Cubi Lite 3.0.8 - 'username' SQL Injection Date: 2018-11-05 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://sourceforge.net/projects/bigchef/ Software Link:...
LibreHealth 2.0.0 - (Authenticated) Arbitrary File Actions
LibreHealth 2.0.0 - Authenticated Arbitrary File Actions Exploit Title: LibreHealth 2.0.0 - Arbitrary File Actions Date: 2018-10-19 Exploit Author: Carlos Avila Vendor Homepage: https://librehealth.io/ Software Link: https://github.com/LibreHealthIO/lh-ehr Version: 2.0.0 Tested on: Debian LAMP,...
Blue Server 1.1 - Denial of Service (PoC)
Blue Server 1.1 - Denial of Service PoC Exploit Title: Blue Server 1.1 - Denial of Service PoC Dork: N/A Date: 2018-11-02 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mafiatic.org/ Software Link: https://master.dl.sourceforge.net/project/blueserver/Blue-Server-1.1.exe Version: 1.1...
FaceTime - RTP Video Processing Heap Corruption
FaceTime - RTP Video Processing Heap Corruption There is a memory corruption issue when processing a malformed RTP video stream in FaceTime that leads to a kernel panic due to a corrupted heap cookie or data abort. This bug can be reached if a user accepts a call from a malicious caller. This iss...
OOP CMS BLOG 1.0 - Cross-Site Request Forgery (Add Admin)
OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: OOP CMS BLOG 1.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link:...
Grocery crud 1.6.1 - search_field SQL Injection
Grocery crud 1.6.1 - search_field SQL Injection Exploit Title: Grocery crud 1.6.1 - 'search_field' SQL Injection Google Dork: n/a Date: 2018-11-05 Exploit Author: Loading Kura Kura Vendor Homepage: https://www.grocerycrud.com/ Software Link: https://www.grocerycrud.com/downloads Version: 1.6.1 Test...
OOP CMS BLOG 1.0 - search SQL Injection
OOP CMS BLOG 1.0 - search SQL Injection Exploit Title: OOP CMS BLOG 1.0 - 'search' SQL Injection Dork: N/A Date: 2018-11-06 Exploit Author: Ihsan Sencan Vendor Homepage: http://zsoft.com.bd/ Software Link: https://datapacket.dl.sourceforge.net/project/php-oop-cms-blog/blogforup.zip Version: 1.0...
eToolz 3.4.8.0 - Denial of Service (PoC)
eToolz 3.4.8.0 - Denial of Service PoC Exploit Title: eToolz 3.4.8.0 - Denial of Service PoC Dork: N/A Date: 2018-11-03 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.gaijin.at Software Link: https://www.gaijin.at/de/software/etoolz Version: 3.4.8.0 Category: Dos Tested on:...
VSAXESS V2.6.2.70 build20171226_053 - organization Denial of Service (PoC)
VSAXESS V2.6.2.70 build20171226_053 - organization Denial of Service PoC Exploit Title: VSAXESS V2.6.2.70 build20171226_053 - 'organization' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-11-05 Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link:...
libiec61850 1.3 - Stack Based Buffer Overflow
libiec61850 1.3 - Stack Based Buffer Overflow Exploit Title: libiec61850 1.3 - Stack Based Buffer Overflow Date: 2018-11-06 Exploit Author: Dhiraj Mishra Vendor Homepage: http://libiec61850.com/libiec61850/ Software Link: https://github.com/mz-automation/libiec61850 Version: 1.3 Tested on: Linux...
FaceTime - VCPDecompressionDecodeFrame Memory Corruption
FaceTime - VCPDecompressionDecodeFrame Memory Corruption There is a heap corruption vulnerability in VCPDecompressionDecodeFrame which is called by FaceTime. This bug can be reached if a user accepts a call from a malicious peer. The issue can be reproduced using the attached sequence of RTP...
FaceTime - readSPSandGetDecoderParams Stack Corruption
FaceTime - readSPSandGetDecoderParams Stack Corruption There are a variety of problems that occur when processing malformed H264 streams in readSPSandGetDecoderParams, leading to OOB read, OOB write and stackchk crashes. I think the root cause is stack corruption. This issue can occur if someone...
CMS Made Simple 2.2.7 - (Authenticated) Remote Code Execution
CMS Made Simple 2.2.7 - Authenticated Remote Code Execution Exploit Title: CMS Made Simple 2.2.7 - Remote Code Execution Date: 2018-11-04 Exploit Author: Lucian Ioan Nitescu Contact: https://twitter.com/LucianNitescu Website: https://nitesculucian.github.io Vendor Homepage:...
Arm Whois 3.11 - Buffer Overflow (SEH)
Arm Whois 3.11 - Buffer Overflow SEH...
Microsoft Internet Explorer 11 - Null Pointer Dereference
Microsoft Internet Explorer 11 - Null Pointer Dereference Exploit Title: Microsoft Internet Explorer 11 - Null Pointer Difference Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-03 Vendor: Microsoft Corporation Product web page: https://www.microsoft.com Affected version: 11.345.17134...
WebVet 0.1a - id SQL Injection
WebVet 0.1a - id SQL Injection Exploit Title: WebVet 0.1a - 'id' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://webvet.exreality.net/ Software Link: https://netix.dl.sourceforge.net/project/webvet/webvet20130708.zip Version: 0.1a Category: Webapps...
Royal TSX - Information Disclosure
Royal TSX - Information Disclosure RoyalTS/X Exploit var wsUri = "ws://127.0.0.1:54890/"; var output; function init output = document.getElementById"output"; testWebSocket; function testWebSocket writeToScreen"Let's retrieve some data..."; websocket = new WebSocketwsUri; websocket.onopen =...
SiAdmin 1.1 - id SQL Injection
SiAdmin 1.1 - id SQL Injection Exploit Title: SiAdmin 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.bubul.net/ Software Link: https://kent.dl.sourceforge.net/project/siadmin/SiAdmin%201.1/SiAdmin%201.1.zip Version: 1.1 Category: Webap...
Softros LAN Messenger 9.2 - Denial of Service (PoC)
Softros LAN Messenger 9.2 - Denial of Service PoC Exploit Title: Softros LAN Messenger 9.2 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-11-02 Vendor Homepage: https://messenger.softros.com/ Software Link: https://messenger.softros.com/downloads/ Tested Version: 9.2...
Mongo Web Admin 6.0 - Information Disclosure
Mongo Web Admin 6.0 - Information Disclosure Exploit Title: Mongo Web Admin 6.0 - Information Disclosure Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mongoadmin.org/ Software Link:...
Voovi Social Networking Script 1.0 - user SQL Injection
Voovi Social Networking Script 1.0 - user SQL Injection Exploit Title: Voovi Social Networking Script 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.adminspoint.com/voovi/index.php Software Link:...
Virgin Media Hub 3.0 Router - Denial of Service (PoC)
Virgin Media Hub 3.0 Router - Denial of Service PoC Exploit Title: Virgin Media Hub 3.0 Router - Denial of Service PoC Google Dork: N/A Date: 2018-11-03 Exploit Author: Ross Inman Vendor Homepage: https://www.broadbandchoices.co.uk/guides/hardware/virgin-media-broadband-routers Software Link: N/A...
LiquidVPN 1.36 1.37 - Privilege Escalation
LiquidVPN 1.36 1.37 - Privilege Escalation Title: Multiple Privilege Escalation Vulnerabilities Product: LiquidVPN for MacOS Vulnerable versions: 1.37, 1.36 and earlier CVE IDs: CVE-2018-18856, CVE-2018-18857, CVE-2018-1885...
Poppy Web Interface Generator 0.8 - Arbitrary File Upload
Poppy Web Interface Generator 0.8 - Arbitrary File Upload Exploit Title: Poppy Web Interface Generator 0.8 - Arbitrary File Upload Dork: N/A Date: 2018-11-04 Exploit Author: Ihsan Sencan Vendor Homepage: http://poppy.dc-development.de/ Software Link:...
PHP Proxy 3.0.3 - Local File Inclusion
PHP Proxy 3.0.3 - Local File Inclusion Exploit Title: PHP-Proxy 3.0.3 - Local File Inclusion Date: 04.11.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.php-proxy.com/ Software Link: https://github.com/Athlon1600/php-proxy-app Version:...
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution
Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Exploit Title: Advantech WebAccess SCADA 8.3.2 - Remote Code Execution Date: 2018-11-02 Exploit Author: Chris Lyne @lynerc Vendor Homepage: http://www.advantech.com Device: NRVMini2 Software Link:...
CdCatalog 2.3.1 - Denial of Service (PoC)
CdCatalog 2.3.1 - Denial of Service PoC Exploit Title: CdCatalog 2.3.1 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://cdcat.sourceforge.net Software Link:...
WinMTR 0.91 - Denial of Service (PoC)
WinMTR 0.91 - Denial of Service PoC Exploit Title: WinMTR 0.91 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://winmtr.net Software Link: http://winmtr.net/winmtrdownload/ Version: 0.91 Category: Dos Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A...
Intel (Skylake Kaby Lake) - PortSmash CPU SMT Side-Channel
Intel Skylake Kaby Lake - PortSmash CPU SMT Side-Channel Summary This is a proof-of-concept exploit of the PortSmash microarchitecture attack, tracked by CVE-2018-5407. Setup Prerequisites A CPU featuring SMT e.g. Hyper-Threading is the only requirement. This exploit code should work out of the b...
Fantastic Blog CMS 1.0 - id SQL Injection
Fantastic Blog CMS 1.0 - id SQL Injection Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...
Zint Barcode Generator 2.6 - Denial of Service (PoC)
Zint Barcode Generator 2.6 - Denial of Service PoC Exploit Title: Zint Barcode Generator 2.6 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.zint.org.uk Software Link: https://sourceforge.net/projects/zint/files/latest/download Version:...
Anviz AIM CrossChex Standard 4.3 - CSV Injection
Anviz AIM CrossChex Standard 4.3 - CSV Injection Exploit Title: Anviz AIM CrossChex Standard 4.3 - CSV Injection Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-11-01 Vendor: Anviz Biometric Technology Co., Ltd. Product web page: https://www.anviz.com Affected version: 4.3.6.0 Tested on...
Yot CMS 3.3.1 - aid SQL Injection
Yot CMS 3.3.1 - aid SQL Injection Exploit Title: Yot CMS 3.3.1 - 'aid' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://yot.sourceforge.io/ Software Link: https://ayera.dl.sourceforge.net/project/yot/Yot%203.3.1.zip Version: 3.3.1 Category: Webapps...
Jelastic 5.4 - host SQL Injection
Jelastic 5.4 - host SQL Injection Exploit Title: Jelastic 5.4 - 'host' SQL injection Google Dork: N/A Date: date Exploit Author: Procode701 Vendor Homepage: https://jelastic.com/ Software Link: https://jelastic.com/ Version: 5.4 Tested on: Kali Linux CVE : N/A POC: The application...
qdPM 9.1 - filter_by SQL Injection
qdPM 9.1 - filter_by SQL Injection Exploit Title: qdPM 9.1 - 'filter_by' SQL Injection Date: 2018-11-01 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: http://qdpm.net Software Link: http://qdpm.net/download-qdpm-free-project-management Version: v9.1...
Gate Pass Management System 2.1 - login SQL Injection
Gate Pass Management System 2.1 - login SQL Injection Exploit Title: Gate Pass Management System 2.1 - 'login' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.livebms.com Software Link:...
WebDrive 18.00.5057 - Denial of Service (PoC)
WebDrive 18.00.5057 - Denial of Service PoC Exploit Title: WebDrive 18.00.5057 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-10-31 Vendor Homepage: https://webdrive.com/ Software Link: https://webdrive.com/download/ Tested Version: 18.00.5057 Tested on: Windows 10...
Artha The Open Thesaurus 1.0.3.0 - Denial of Service (PoC)
Artha The Open Thesaurus 1.0.3.0 - Denial of Service PoC Exploit Title: Artha The Open Thesaurus 1.0.3.0 - Denial of Service PoC Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://artha.sourceforge.net Software Link:...
Arm Whois 3.11 - Denial of Service (PoC)
Arm Whois 3.11 - Denial of Service PoC Exploit Title: Arm Whois 3.11 - Denial of Service PoC Date: 2018-10-31 Exploit Author: Yair Rodríguez Aparicio Vendor Homepage: http://www.armcode.com/ Software Link: http://www.armcode.com/downloads/arm-whois.exe Version: 3.11 Tested on: Windows XP...
WordPress Plugin GoURL.io 1.4.14 - File Upload
WordPress Plugin GoURL.io 1.4.14 - File Upload Shell link...
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution
Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...
SmartFTP Client 9.0.2615.0 - Denial of Service (PoC)
SmartFTP Client 9.0.2615.0 - Denial of Service PoC Exploit Title: SmartFTP Client 9.0.2615.0 - Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-10-30 Vendor Homepage: https://www.smartftp.com/en-us/ Software Link: https://www.smartftp.com/en-us/download Tested Version:...
Notes Manager 1.0 - Arbitrary File Upload
Notes Manager 1.0 - Arbitrary File Upload Exploit Title: Notes Manager 1.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.webprojectbuilder.com/item/notes-management Software Link:...
xorg-x11-server 1.20.3 - Privilege Escalation
xorg-x11-server 1.20.3 - Privilege Escalation Exploit Title: xorg-x11-server 1.20.3 - Privilege Escalation Date: 2018-10-27 Exploit Author: Marco Ivaldi Vendor Homepage: https://www.x.org/ Version: xorg-x11-server 1.19.0 - 1.20.2 Tested on: OpenBSD 6.3 and 6.4 CVE : CVE-2018-14665 raptorxorgasm...