SaltOS Erp Crm 3.1 r8126 - SQL Injection
SaltOS Erp Crm 3.1 r8126 - SQL Injection Exploit Title: SaltOS Erp, Crm 3.1 r8126 - SQL Injection Dork: N/A Date: 2018-10-29 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.saltos.org/ Software Link: http://download.saltos.org/?app=saltos&format=xul&arch=win32 Version: 3.1 r0 / 3.x...
Quick Count 2.0 - txtInstID SQL Injection
Quick Count 2.0 - txtInstID SQL Injection Exploit Title: Quick Count 2.0 - 'txtInstID' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: https://quickcount.sourceforge.io/ Software Link: https://sourceforge.net/projects/quickcount/files/latest/download Version...
Delta Sql 1.8.2 - id SQL Injection
Delta Sql 1.8.2 - id SQL Injection Exploit Title: Delta Sql 1.8.2 - 'id' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link:...
MPS Box 0.1.8.0 - Arbitrary File Upload
MPS Box 0.1.8.0 - Arbitrary File Upload Exploit Title: MPS Box 0.1.8.0 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category:...
Veterinary Clinic Management 00.02 - editpetnum SQL Injection
Veterinary Clinic Management 00.02 - editpetnum SQL Injection Exploit Title: Veterinary Clinic Management 00.02 - 'editpetnum' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: https://vetclinic.sourceforge.io/ Software Link:...
Adult Filter 1.0 - Buffer Overflow (SEH)
Open STA Manager 2.3 - Arbitrary File Download
Open STA Manager 2.3 - Arbitrary File Download Exploit Title: Open STA Manager 2.3 - Arbitrary File Download Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.openstamanager.com/ Software Link: https://sourceforge.net/projects/openstamanager/files/latest/download...
Oracle Weblogic Server - Deserialization Remote Command Execution (Patch Bypass)
Oracle Weblogic Server - Deserialization Remote Command Execution Patch Bypass // All respects goes to Zhiyi Zhang of 360 ESG Codesafe Team // URL: https://blogs.projectmoon.pw/2018/10/19/Oracle-WebLogic-Two-RCE-Deserialization-Vulnerabilities/ package ysoserial.payloads; import...
AjentiCP 1.2.23.13 - Cross-Site Scripting
AjentiCP 1.2.23.13 - Cross-Site Scripting Title: AjentiCP 1.2.23.13 - Cross-Site Scripting Author: Numan OZDEMIR https://infinitumit.com.tr Vendor Homepage: ajenti.org Software Link: https://github.com/ajenti/ajenti Version: Up to v1.2.23.13 CVE: CVE-2018-18548 Description: Attacker can inject...
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting
Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Exploit Title: Ekushey Project Manager CRM 3.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://creativeitem.com/ Software Link : http://creativeitem.com/demo/ekushey/ Software : Ekushey Project...
ClipBucket 2.8 - id SQL Injection
ClipBucket 2.8 - id SQL Injection Exploit Title: ClipBucket 2.8 - 'id' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://clipbucket.com/ Software Link: https://sourceforge.net/projects/clipbucket/files/latest/download Version: 2.8.v3354 Category: Webapp...
Simple Chat System 1.0 - id SQL Injection
Simple Chat System 1.0 - id SQL Injection Exploit Title: Simple Chat System 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/11610/simple-chat-system.html Software Link:...
User Management 1.1 - Cross-Site Scripting
User Management 1.1 - Cross-Site Scripting Exploit Title: User Management 1.1 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://ardawan.com/ Software Link : http://um.ardawan.com Software : User Management Version : 1.1 Vulnerability Type : Cross-site...
xorg-x11-server 1.20.3 - Local Privilege Escalation
xorg-x11-server 1.20.3 - Local Privilege Escalation CVE-2018-14665 - a LPE exploit via http://X.org fits in a tweet cd /etc; Xorg -fp "root::16431:0:99999:7:::" -logfile shadow :1;su Overwrite shadow or any file on most Linux, get root privileges. BSD and any other Xorg desktop also affected...
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer
libtiff 4.0.9 - Decodes Arbitrarily Sized JBIG into a Target Buffer / libtiff up to and including 4.0.9 decodes arbitrarily-sized JBIG into a buffer, ignoring the buffer size. The issue occurs because JBIGDecode entirely ignores the size of the buffer that is passed to it: static int JBIGDecodeTI...
Simple POS and Inventory 1.0 - cat SQL Injection
Simple POS and Inventory 1.0 - cat SQL Injection Exploit Title: Simple POS and Inventory 1.0 - 'cat' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/php/11625/simple-pos-and-inventory-system.html Software Link:...
phptpoint Hospital Management System 1.0 - user SQL injection
phptpoint Hospital Management System 1.0 - user SQL injection Exploit Title: phptpoint Hospital Management System 1.0 - 'user' SQL injection Date: 2018-10-24 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.phptpoint.com/ Software Link: Version: 1...
MPS Box 0.1.8.0 - uuid SQL Injection
MPS Box 0.1.8.0 - uuid SQL Injection Exploit Title: MPS Box 0.1.8.0 - 'uuid' SQL Injection Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.mpsbox.com/ Software Link: https://sourceforge.net/projects/mpsbox/files/latest/download Version: 0.1.8.0 Category: Webapp...
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution
ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Exploit Title: ProjeQtOr Project Management Tool 7.2.5 - Remote Code Execution Date: 2018-10-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Contact: https://pentest.com.tr Vendor Homepage: https://www.projeqtor.org Software Link:...
Delta Sql 1.8.2 - Arbitrary File Upload
Delta Sql 1.8.2 - Arbitrary File Upload Exploit Title: Delta Sql 1.8.2 - Arbitrary File Upload Dork: N/A Date: 2018-10-25 Exploit Author: Ihsan Sencan Vendor Homepage: http://deltasql.sourceforge.net/ Software Link: https://sourceforge.net/projects/deltasql/files/latest/download Software Link:...
BORGChat 1.0.0 build 438 - Denial of Service (PoC)
BORGChat 1.0.0 build 438 - Denial of Service PoC Exploit Title: BORGChat 1.0.0 build 438 - Denial of Service PoC Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: http://borgchat.10n.ro Software Link: http://borgchat.10n.ro/download.php Version: 1.0.0 build 438 Category: Do...
AiOPMSD Final 1.0.0 - q SQL Injection
AiOPMSD Final 1.0.0 - q SQL Injection Exploit Title: AiOPMSD Final 1.0.0 - 'q' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: https://aiopmsd.sourceforge.io/ Software Link: https://sourceforge.net/projects/aiopmsd/files/latest/download Version: 1.0.0...
Fifa Master XLS 2.3.2 - usw SQL Injection
Fifa Master XLS 2.3.2 - usw SQL Injection Exploit Title: Fifa Master XLS 2.3.2 - 'usw' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/fifamasterxls/files/latest/download Version: 2.3.2...
Axioscloud Sissiweb Registro Elettronico 7.0.0 - Error_desc Cross-Site Scripting
Axioscloud Sissiweb Registro Elettronico 7.0.0 - Error_desc Cross-Site Scripting Exploit Title: Axioscloud Sissiweb Registro Elettronico 7.0.0 - 'Error_desc' Cross-Site Scripting Dork: n/a Date: 2018-10-11 Exploit Author: Dino Barlattani Vendor Homepage: http://axiositalia.it/ Software Link:...
Apache OFBiz 16.11.04 - XML External Entity Injection
Apache OFBiz 16.11.04 - XML External Entity Injection Exploit Title: Apache OFBiz 16.11.04 - XML External Entity Injection Date: 2018-10-15 Exploit Author: Jamie Parfet Vendor Homepage: https://ofbiz.apache.org/ Software Link: https://archive.apache.org/dist/ofbiz/ Version: xXx xXx """ if...
Adult Filter 1.0 - Denial of Service (PoC)
Adult Filter 1.0 - Denial of Service PoC Exploit Title: ADULT FILTER 1.0 - Denial of Service PoC Date: 2018-10-28 Exploit Author: Beren Kuday GÖRÜN Vendor Homepage: http://www.armcode.com/adult-filter/ Software Link: http://www.armcode.com/downloads/adult-filter.exe Version: 1.0 Build 2007-Mar-...
SG ERP 1.0 - info SQL Injection
SG ERP 1.0 - info SQL Injection Exploit Title: SG ERP 1.0 - 'info' SQL Injection Dork: N/A Date: 2018-10-24 Exploit Author: Ihsan Sencan Vendor Homepage: http://fankstribe.org/ Software Link: https://sourceforge.net/projects/sgerp/files/latest/download Version: 1.0 Category: Webapps Tested on:...
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting
LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Exploit Title: LANGO Codeigniter Multilingual Script 1.0 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: http://pokkho.com/lango/ Software Link : http://pokkho.com/lango/auth/login Software :...
exim 4.90 - Remote Code Execution
exim 4.90 - Remote Code Execution Exploit Title: exim 4.90 - Remote Code Execution Date: 2018-10-24 Exploit Author: hackk.gr Vendor Homepage: exim.org Version: exim -1: authplainavailable = True if test: if lenl 70: sys.stdout.writel:70 + " ...\n" sys.stdout.flush else: print l.strip"\r".strip"\n...
Appsource School Management System 1.0 - student_id SQL Injection
Appsource School Management System 1.0 - student_id SQL Injection Exploit Title: Appsource School Management System 1.0 - 'student_id' SQL Injection Dork: N/A Date: 2018-10-19 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.appsource.ug/school/ Software Link:...
Microsoft Data Sharing - Local Privilege Escalation (PoC)
Microsoft Data Sharing - Local Privilege Escalation PoC Bug description: RpcDSSMoveFromSharedFile(handle,L"token",L"c:\blah1\pci.sys"); This function exposed over alpc, has an arbitrary delete vuln. Hitting the timing was pretty annoying. But my PoC will keep rerunning until...
SIM-PKH 2.4.1 - id SQL Injection
SIM-PKH 2.4.1 - id SQL Injection Exploit Title: SIM-PKH 2.4.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category: Webapps...
School ERP Pro+Responsive 1.0 - fid SQL Injection
School ERP Pro+Responsive 1.0 - fid SQL Injection Exploit Title: School ERP Pro+Responsive 1.0 - 'fid' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link:...
ServersCheck Monitoring Software 14.3.3 - id SQL Injection
ServersCheck Monitoring Software 14.3.3 - id SQL Injection Exploit Title: ServersCheck Monitoring Software 14.3.3 - 'id' SQL Injection Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe CVE: N...
SIM-PKH 2.4.1 - Arbitrary File Upload
SIM-PKH 2.4.1 - Arbitrary File Upload Exploit Title: SIM-PKH 2.4.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-22 Exploit Author: Ihsan Sencan Vendor Homepage: https://simpkh.sourceforge.io/ Software Link: https://sourceforge.net/projects/simpkh/files/latest/download Version: 2.4.1 Category:...
School ERP Pro+Responsive 1.0 - Arbitrary File Download
School ERP Pro+Responsive 1.0 - Arbitrary File Download Exploit Title: School ERP Pro+Responsive 1.0 - Arbitrary File Download Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.arox.in/ Software Link:...
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write
ServersCheck Monitoring Software 14.3.3 - Arbitrary File Write Exploit Title: ServersCheck Monitoring Software 14.3.3 - Denial of Service PoC Author: John Page aka hyp3rlinx Date: 2018-10-23 Vendor: www.serverscheck.com Software Link: http://downloads.serverscheck.com/monitoringsoftware/setup.exe...
MGB OpenSource Guestbook 0.7.0.2 - id SQL Injection
MGB OpenSource Guestbook 0.7.0.2 - id SQL Injection Exploit Title: MGB OpenSource Guestbook 0.7.0.2 - 'id' SQL Injection Dork: N/A Date: 2018-10-23 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m-gb.org/ Software Link: https://sourceforge.net/projects/mopzz-gb/files/latest/download...
Keybase keybase-redirector - $PATH Local Privilege Escalation
Keybase keybase-redirector - $PATH Local Privilege Escalation keybase-redirector is a setuid root binary. keybase-redirector calls the fusermount binary using a relative path and the application trusts the value of $PATH. This allows a local, unprivileged user to trick the application to executin...
The Open ISES Project 3.30A - tick_lat SQL Injection
The Open ISES Project 3.30A - tick_lat SQL Injection Exploit Title: The Open ISES Project 3.30A - 'tick_lat' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link:...
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client that there's data available in the queue. As a clien...
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory extern...
Audacity 2.3 - Denial of Service (PoC)
Audacity 2.3 - Denial of Service PoC Exploit Title: AudaCity 2.3 - Denial of Service PoC Author: Kağan Çapar Discovery Date: 2018-10-19 Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 Tested on OS: Windows 10 x64/86 Normal us...
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas
Apple iOS Kernel - Use-After-Free due to bad Error Handling in Personas / There was recently some cleanup in the persona code to fix some race conditions there, I don't think it was sufficient: In kpersonaallocsyscall if we provide an invalid userspace pointer for the ipd outptr we can cause this...
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport
Apple iOS/macOS - Kernel Memory Corruption due to Integer Overflow in IOHIDResourceQueue::enqueueReport / IOHIDResourceQueue inherits from IOSharedDataQueue and adds its own ::enqueueReport method, which seems to be mostly copy-pasted from IOSharedDataQueue and IODataQueue's ::enqueue methods. I...
Oracle Siebel CRM 8.1.1 - CSV Injection
Oracle Siebel CRM 8.1.1 - CSV Injection Exploit Title: Oracle Siebel CRM 8.1.1 - CSV Injection Date: 2018-10-21 Exploit Author: Sarath Nair aka AceNeon13 Contact: @AceNeon13 Vendor Homepage: www.oracle.com Software Link:...
School ERP Ultimate 2018 - Arbitrary File Download
School ERP Ultimate 2018 - Arbitrary File Download Exploit Title: School ERP Ultimate 2018 - Arbitrary File Download Dork: N/A Date: 2018-10-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://freeschoolerp.com/ Software Link: http://freeschoolerp.com/schoolerp30Nov2017free.zip Software Link:...
Viva Visitor & Volunteer ID Tracking 0.95.1 - fname SQL Injection
Viva Visitor & Volunteer ID Tracking 0.95.1 - fname SQL Injection Exploit Title: Viva Visitor & Volunteer ID Tracking 0.95.1 - 'fname' SQL Injection Dork: N/A Date: 2018-10-19 Exploit Author: Ihsan Sencan Vendor Homepage: https://viva-visitor.sourceforge.io/ Software Link:...
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on MacOS by hidd. The actual implementation is ...
MySQL Edit Table 1.0 - id SQL Injection
MySQL Edit Table 1.0 - id SQL Injection Exploit Title: MySQL Edit Table 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.bookman.nl Software Link: https://sourceforge.net/projects/sql-edit-table/files/latest/download Version: 1.0...