MySQL Edit Table 1.0 - id SQL Injection
MySQL Edit Table 1.0 - id SQL Injection Exploit Title: MySQL Edit Table 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.bookman.nl Software Link: https://sourceforge.net/projects/sql-edit-table/files/latest/download Version: 1.0...
Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)
Microsoft Windows 10 - Local Privilege Escalation UAC Bypass !/usr/bin/env python Exploit Title: Windows 10 UAC Bypass by computerDefault Date: 2018-10-18 Exploit Author: Fabien DROMAS - Security consultant @ Synetis Twitter: st0rnpentest Vendor Homepage: www.microsoft.com Version: Version...
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory
Apple iOS/macOS - Sandbox Escape due to mach Message sent from Shared Memory iohideventsystem sets up a shared memory event queue; at the end of this shared memory buffer it puts a mach message which it sends whenever it wants to notify a client that there's data available in the queue. As a clien...
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking
Apple Intel GPU Driver - Use-After-Free/Double-Delete due to bad Locking / This PoC file might look familiar; this bug is a trivial variant of CVE-2016-1744 Apple bug id 635599405. That report showed the bug in the unmapusermemory external methods; a variant also exists in the mapusermemory extern...
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem
Apple iOS/macOS - Sandbox Escape due to Trusted Length Field in Shared Memory used by HID Event Subsystem iohideventsystem is a MIG service which provides proxy access to various HID devices for untrusted clients. On iOS it's hosted by backboardd and on macOS by hidd. The actual implementation is ...
Audacity 2.3 - Denial of Service (PoC)
Audacity 2.3 - Denial of Service PoC Exploit Title: AudaCity 2.3 - Denial of Service PoC Author: Kağan Çapar Discovery Date: 2018-10-19 Software Link: https://www.fosshub.com/Audacity.html Vendor Homepage : https://www.audacityteam.org Tested Version: 2.3 Tested on OS: Windows 10 x64/86 Normal us...
LibSSH 0.7.6 / 0.8.4 - Unauthorized Access
LibSSH 0.7.6 0.8.4 - Unauthorized Access !/usr/bin/env python3 import sys import paramiko import socket import logging pip3 install paramiko==2.0.8 logging.basicConfigstream=sys.stdout, level=logging.DEBUG logging.basicConfigstream=sys.stdout bufsize = 2048 def executehostname, port, command: soc...
PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)
PHP-SHOP master 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: PHP-SHOP master 1.0 - Cross-Site Request Forgery Add admin Exploit Author : Alireza Norkazemi Date: 2018-10-15 Vendor Homepage : https://github.com/joeyrush/PHP-SHOP Software link:...
OwnTicket 1.0 - TicketID SQL Injection
OwnTicket 1.0 - TicketID SQL Injection Exploit Title: OwnTicket 1.0 - 'TicketID' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: https://ownticket.sourceforge.io/ Software Link: https://sourceforge.net/projects/ownticket/files/latest/download Version: 1.0...
libSSH - Authentication Bypass
libSSH - Authentication Bypass !/usr/bin/env python3 import paramiko import socket import argparse from sys import argv, exit parser = argparse.ArgumentParserdescription="libSSH Authentication Bypass" parser.addargument'--host', help='Host' parser.addargument'-p', '--port', help='libSSH port',...
Learning with Texts 1.6.2 - start SQL Injection
Learning with Texts 1.6.2 - start SQL Injection Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version:...
Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)
Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-17 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link:...
Any Sound Recorder 2.93 - Buffer Overflow (SEH)
Any Sound Recorder 2.93 - Buffer Overflow SEH Exploit Title: Any Sound Recorder 2.93 - Buffer Overflow SEH Exploit Author: Abdullah Alic Discovery Date: 2018-10-16 Homepage: http://www.any-sound-recorder.com Software Link: http://www.any-sound-recorder.com/anysoundrecorder.exe Version: 2.93 Teste...
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure
TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-17 Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.com Affected version: 1.6.18P12121101 Test...
BigTree CMS 4.2.23 - Cross-Site Scripting
BigTree CMS 4.2.23 - Cross-Site Scripting Exploit Title: BigTree CMS 4.2.23 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.bigtreecms.org/ Software Link : https://github.com/bigtreecms/BigTree-CMS/ Software : BigTree CMS Version : 4.2.23...
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials
FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
Time and Expense Management System 3.0 - table SQL Injection
Time and Expense Management System 3.0 - table SQL Injection Exploit Title: Time and Expense Management System 3.0 - 'table' SQL Injection Dork: N/A Date: 2018-10-17 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link:...
Kados R10 GreenBee - release_id SQL Injection
Kados R10 GreenBee - release_id SQL Injection Exploit Title: Kados R10 GreenBee - 'release_id' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapp...
MV Video Sharing Software 1.2 - searchname SQL Injection
MV Video Sharing Software 1.2 - searchname SQL Injection Exploit Title: MV Video Sharing Software 1.2 - 'searchname' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: https://melerovideo.com/software/ Software Link:...
Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure
Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure Windows: FSCTL_FIND_FILES_BY_SID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTL_FIND_FILES_BY_SID control code doesn’t check for permissions to list a directory...
GIU Gallery Image Upload 0.3.1 - category SQL Injection
GIU Gallery Image Upload 0.3.1 - category SQL Injection Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://tradesouthwest.com Software Link: https://sourceforge.net/projects/giugalleryimageupload...
HotelDruid 2.2.4 - anno SQL Injection
HotelDruid 2.2.4 - anno SQL Injection Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on:...
Navigate CMS 2.8.5 - Arbitrary File Download
Navigate CMS 2.8.5 - Arbitrary File Download Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link:...
Vishesh Auto Index 3.1 - fid SQL Injection
Vishesh Auto Index 3.1 - fid SQL Injection Exploit Title: Vishesh Auto Index 3.1 - 'fid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.vishesh.cf/ Software Link: https://sourceforge.net/projects/vishesh-wap-auto-index/files/latest/download...
Rukovoditel Project Management CRM 2.3 - path SQL Injection
Rukovoditel Project Management CRM 2.3 - path SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php...
Library CMS 2.1.1 - Cross-Site Scripting
Library CMS 2.1.1 - Cross-Site Scripting Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v...
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting
WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: https://schiocco.com/ Software Link : https://board.support/ Software : Support Board - Chat And...
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure
Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Date: 2018-08-17 Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link...
Git Submodule - Arbitrary Code Execution
Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)
Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...
Advanced HRM 1.6 - Remote Code Execution
Advanced HRM 1.6 - Remote Code Execution Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Date: 2018-10-06 Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1....
College Notes Management System 1.0 - user SQL Injection
College Notes Management System 1.0 - user SQL Injection Exploit Title: College Notes Management System 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://anirbandutta.ml/ Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution
FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
MaxOn ERP Software 8.x-9.x - nomor SQL Injection
MaxOn ERP Software 8.x-9.x - nomor SQL Injection Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...
FLIR Brickstream 3D+ - RTSP Stream Disclosure
FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream...
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure
FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 O...
Snes9K 0.0.9z - Buffer Overflow (SEH)
Snes9K 0.0.9z - Buffer Overflow SEH...
Academic Timetable Final Build 7.0 - Information Disclosure
Academic Timetable Final Build 7.0 - Information Disclosure \n"; printr$ver; echo "\n"; / Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3 aaData = Array 0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117 1 = Array 0 = ADMIN 1 = admin 2 = ADMIN...
Academic Timetable Final Build 7.0a-7.0b - id SQL Injection
Academic Timetable Final Build 7.0a-7.0b - id SQL Injection Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure
FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...
KORA 2.7.0 - cid SQL Injection
KORA 2.7.0 - cid SQL Injection Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on:...
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure
FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities
Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Exploit Title: Centos Web Panel 0.9.8.480 Multiple Vulnerabilities Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/system-requiremen...
AlchemyCMS 4.1 - Cross-Site Scripting
AlchemyCMS 4.1 - Cross-Site Scripting Exploit Title: AlchemyCMS 4.1 - Cross-Site Scripting Date: 2018-10-14 Exploit Author: Ismail Tasdelen Vendor Homepage: https://alchemy-cms.com/ Software Link : https://github.com/AlchemyCMS/alchemycms Software : AlchemyCMS Version : 4.1-stable Vulnerability...
NoMachine 5.3.27 - Remote Code Execution
NoMachine 5.3.27 - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com...
CAMALEON CMS 2.4 - Cross-Site Scripting
CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernabilit...
SugarCRM 6.5.26 - Cross-Site Scripting
SugarCRM 6.5.26 - Cross-Site Scripting Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
HaPe PKH 1.1 - id SQL Injection
HaPe PKH 1.1 - id SQL Injection Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download...
HaPe PKH 1.1 - Arbitrary File Upload
HaPe PKH 1.1 - Arbitrary File Upload Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...