School ERP Ultimate 2018 - fid SQL Injection

School ERP Ultimate 2018 - fid SQL Injection Exploit Title: School ERP Ultimate 2018 - 'fid' SQL Injection Dork: N/A Date: 2018-10-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://freeschoolerp.com/ Software Link: http://freeschoolerp.com/schoolerp30Nov2017free.zip Software Link:...

Modbus Poll 7.2.2 - Denial of Service (PoC)

Modbus Poll 7.2.2 - Denial of Service PoC Exploit Title: Modbus Poll 7.2.2 - Denial of Service PoC Discovery by: Cemal Cihad ÇİFTÇİ Discovery Date: 2018-10-19 Tested Version: 7.2.2 Vulnerability Type: DOS Tested on OS: Windows XP Professional Service Pack 3 Vendor Homepage:...

Microsoft Windows 10 - Local Privilege Escalation (UAC Bypass)

Microsoft Windows 10 - Local Privilege Escalation UAC Bypass !/usr/bin/env python Exploit Title: Windows 10 UAC Bypass by computerDefault Date: 2018-10-18 Exploit Author: Fabien DROMAS - Security consultant @ Synetis Twitter: st0rnpentest Vendor Homepage: www.microsoft.com Version: Version...

eNdonesia Portal 8.7 - artid SQL Injection

eNdonesia Portal 8.7 - artid SQL Injection Exploit Title: eNdonesia Portal 8.7 - 'artid' SQL Injection Dork: N/A Date: 2018-10-21 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.endonesia.org/ Software Link: https://sourceforge.net/projects/endonesia/files/latest/download Version: 8.7...

The Open ISES Project 3.30A - Arbitrary File Download

The Open ISES Project 3.30A - Arbitrary File Download Exploit Title: The Open ISES Project 3.30A - Arbitrary File Download Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://openises.sourceforge.net/ Software Link:...

Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value

Apple iOS - Kernel Stack Memory Disclosure due to Failure to Check copyin Return Value Here's a code snippet from sleh.c with the second level exception handler for undefined instruction exceptions: static void handleuncategorizedarmsavedstatet state, booleant instrLen2 exceptiontypet exception =...

LibSSH 0.7.6 0.8.4 - Unauthorized Access

LibSSH 0.7.6 0.8.4 - Unauthorized Access !/usr/bin/env python3 import sys import paramiko import socket import logging pip3 install paramiko==2.0.8 logging.basicConfigstream=sys.stdout, level=logging.DEBUG logging.basicConfigstream=sys.stdout bufsize = 2048 def executehostname, port, command: soc...

libSSH - Authentication Bypass

libSSH - Authentication Bypass !/usr/bin/env python3 import paramiko import socket import argparse from sys import argv, exit parser = argparse.ArgumentParserdescription="libSSH Authentication Bypass" parser.addargument'--host', help='Host' parser.addargument'-p', '--port', help='libSSH port',...

Learning with Texts 1.6.2 - start SQL Injection

Learning with Texts 1.6.2 - start SQL Injection Exploit Title: Learning with Texts 1.6.2 - 'start' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: http://lwt.sourceforge.net/ Software Link: https://sourceforge.net/projects/lwt/files/latest/download Version:...

OwnTicket 1.0 - TicketID SQL Injection

OwnTicket 1.0 - TicketID SQL Injection Exploit Title: OwnTicket 1.0 - 'TicketID' SQL Injection Dork: N/A Date: 2018-10-18 Exploit Author: Ihsan Sencan Vendor Homepage: https://ownticket.sourceforge.io/ Software Link: https://sourceforge.net/projects/ownticket/files/latest/download Version: 1.0...

PHP-SHOP master 1.0 - Cross-Site Request Forgery (Add Admin)

PHP-SHOP master 1.0 - Cross-Site Request Forgery Add Admin Exploit Title: PHP-SHOP master 1.0 - Cross-Site Request Forgery Add admin Exploit Author : Alireza Norkazemi Date: 2018-10-15 Vendor Homepage : https://github.com/joeyrush/PHP-SHOP Software link:...

Time and Expense Management System 3.0 - Cross-Site Request Forgery (Add Admin)

Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Exploit Title: Time and Expense Management System 3.0 - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-17 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link:...

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials

FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Hard-Coded Credentials Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...

Any Sound Recorder 2.93 - Buffer Overflow (SEH)

Any Sound Recorder 2.93 - Buffer Overflow SEH Exploit Title: Any Sound Recorder 2.93 - Buffer Overflow SEH Exploit Author: Abdullah Alic Discovery Date: 2018-10-16 Homepage: http://www.any-sound-recorder.com Software Link: http://www.any-sound-recorder.com/anysoundrecorder.exe Version: 2.93 Teste...

TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure

TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Exploit Title: TP-Link TL-SC3130 1.6.18 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-17 Vendor: TP-LINK Technologies Co., Ltd. Product web page: http://www.tp-link.com Affected version: 1.6.18P12121101 Test...

Time and Expense Management System 3.0 - table SQL Injection

Time and Expense Management System 3.0 - table SQL Injection Exploit Title: Time and Expense Management System 3.0 - 'table' SQL Injection Dork: N/A Date: 2018-10-17 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.initechs.com/ Software Link:...

BigTree CMS 4.2.23 - Cross-Site Scripting

BigTree CMS 4.2.23 - Cross-Site Scripting Exploit Title: BigTree CMS 4.2.23 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.bigtreecms.org/ Software Link : https://github.com/bigtreecms/BigTree-CMS/ Software : BigTree CMS Version : 4.2.23...

GIU Gallery Image Upload 0.3.1 - category SQL Injection

GIU Gallery Image Upload 0.3.1 - category SQL Injection Exploit Title: GIU Gallery Image Upload 0.3.1 - 'category' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: http://tradesouthwest.com Software Link: https://sourceforge.net/projects/giugalleryimageupload...

Kados R10 GreenBee - release_id SQL Injection

Kados R10 GreenBee - releaseid SQL Injection Exploit Title: Kados R10 GreenBee - 'releaseid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.kados.info/ Software Link: https://sourceforge.net/projects/kados/ Version: R10 GreenBee Category: Webapp...

Navigate CMS 2.8.5 - Arbitrary File Download

Navigate CMS 2.8.5 - Arbitrary File Download Exploit Title: Navigate CMS 2.8.5 - Arbitrary File Download Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.navigatecms.com/ Software Link:...

Vishesh Auto Index 3.1 - fid SQL Injection

Vishesh Auto Index 3.1 - fid SQL Injection Exploit Title: Vishesh Auto Index 3.1 - 'fid' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.vishesh.cf/ Software Link: https://sourceforge.net/projects/vishesh-wap-auto-index/files/latest/download...

WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting

WordPress Plugin Support Board 1.2.3 - Cross-Site Scripting Exploit Title: Wordpress Plugin Support Board 1.2.3 - Cross-Site Scripting Date: 2018-10-16 Exploit Author: Ismail Tasdelen Vendor Homepage: https://schiocco.com/ Software Link : https://board.support/ Software : Support Board - Chat And...

Rukovoditel Project Management CRM 2.3 - path SQL Injection

Rukovoditel Project Management CRM 2.3 - path SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.3 - 'path' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://www.rukovoditel.net/download.php...

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure

Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Exploit Title: Heatmiser Wifi Thermostat 1.7 - Credential Disclosure Dork: intitle:"Heatmiser Wifi Thermostat" Date: 2018-08-17 Exploit Author: d0wnp0ur Original Discoverer: Andrew Tierney Vendor Lnk: https://www.heatmiser.com/en/ Product Link...

Library CMS 2.1.1 - Cross-Site Scripting

Library CMS 2.1.1 - Cross-Site Scripting Exploit Title: Library CMS 2.1.1 - Cross-Site Scripting Date: 2018-10-15 Exploit Author: Ismail Tasdelen Vendor Homepage: https://kaasoft.pro/ Software Link : https://library.kaasoft.pro/ Software : Library CMS - Powerful Book Management System Version : v...

Microsoft Windows - FSCTL_FIND_FILES_BY_SID Information Disclosure

Microsoft Windows - FSCTLFINDFILESBYSID Information Disclosure Windows: FSCTLFINDFILESBYSID Information Disclosure Platform: Windows 10 1709, 1803 Class: Information Disclosure / Elevation of Privilege Summary: The FSCTLFINDFILESBYSID control code doesn’t check for permissions to list a directory...

HotelDruid 2.2.4 - anno SQL Injection

HotelDruid 2.2.4 - anno SQL Injection Exploit Title: HotelDruid 2.2.4 - 'anno' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.hoteldruid.com/ Software Link: http://www.hoteldruid.com/en/download.html Version: 2.2.4 Category: Webapps Tested on:...

MV Video Sharing Software 1.2 - searchname SQL Injection

MV Video Sharing Software 1.2 - searchname SQL Injection Exploit Title: MV Video Sharing Software 1.2 - 'searchname' SQL Injection Dork: N/A Date: 2018-10-16 Exploit Author: Ihsan Sencan Vendor Homepage: https://melerovideo.com/software/ Software Link:...

Git Submodule - Arbitrary Code Execution

Git Submodule - Arbitrary Code Execution CVE-2018-17456 I've gotten a couple of questions about exploitation for the recent RCE in Git. So here we go with some technical details. TL;DR Here is a PoC repository. EDB Note: Mirror...

Academic Timetable Final Build 7.0 - Information Disclosure

Academic Timetable Final Build 7.0 - Information Disclosure \n"; printr$ver; echo "\n"; / Array sEcho = 10 iTotalRecords = 3 iTotalDisplayRecords = 3 aaData = Array 0 = Array 0 = testdb1 1 = testdb1 2 = ADMIN 3 = 6CC4E8CFFEAF202D7475BC906612F9A29A9C8117 1 = Array 0 = ADMIN 1 = admin 2 = ADMIN...

Advanced HRM 1.6 - Remote Code Execution

Advanced HRM 1.6 - Remote Code Execution Exploit Title: Advanced HRM 1.6 - Remote Code Execution Google Dork: intext:"Advanced HRM" Date: 2018-10-06 Exploit Author: Renos Nikolaou Vendor Homepage: https://coderpixel.com/ Software Link: https://codecanyon.net/item/advanced-hrm/17767006 Version: 1....

NoMachine 5.3.27 - Remote Code Execution

NoMachine 5.3.27 - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/NOMACHINE-TROJAN-FILE-REMOTE-CODE-EXECUTION.txt + ISR: ApparitionSec Greetz: Greetz: indoushka | Eduardo Vendor www.nomachine.com...

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure

FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Arbitrary File Disclosure Auhor: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16, 1.17.13 O...

Snes9K 0.0.9z - Buffer Overflow (SEH)

Snes9K 0.0.9z - Buffer Overflow SEH...

College Notes Management System 1.0 - user SQL Injection

College Notes Management System 1.0 - user SQL Injection Exploit Title: College Notes Management System 1.0 - 'user' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: https://anirbandutta.ml/ Software Link:...

Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities

Centos Web Panel 0.9.8.480 - Multiple Vulnerabilities Exploit Title: Centos Web Panel 0.9.8.480 Multiple Vulnerabilities Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: http://centos-webpanel.com/ Software Link: http://centos-webpanel.com/system-requiremen...

AlchemyCMS 4.1 - Cross-Site Scripting

AlchemyCMS 4.1 - Cross-Site Scripting Exploit Title: AlchemyCMS 4.1 - Cross-Site Scripting Date: 2018-10-14 Exploit Author: Ismail Tasdelen Vendor Homepage: https://alchemy-cms.com/ Software Link : https://github.com/AlchemyCMS/alchemycms Software : AlchemyCMS Version : 4.1-stable Vulernability...

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure

FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution

FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Exploit Title: FLIR AX8 Thermal Camera 1.32.16 - Remote Code Execution Author: Gjoko 'LiquidWorm' Krstic @zeroscience Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: https://www.flir.com Affected version: Firmware: 1.32.16,...

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure

FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Exploit Title: FLIR Brickstream 3D+ 2.1.742.1842 - Config File Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-14 Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842,...

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery (Add Admin)

Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Exploit Title: Academic Timetable Final Build 7.0b - Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...

Academic Timetable Final Build 7.0a-7.0b - id SQL Injection

Academic Timetable Final Build 7.0a-7.0b - id SQL Injection Exploit Title: Academic Timetable Final Build 7.0a-7.0b - 'id' SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://geoffpartridge.net/ Software Link:...

FLIR Brickstream 3D+ - RTSP Stream Disclosure

FLIR Brickstream 3D+ - RTSP Stream Disclosure FLIR Systems FLIR Brickstream 3D+ Unauthenticated RTSP Stream Disclosure Vendor: FLIR Systems, Inc. Product web page: http://www.brickstream.com Affected version: Firmware: 2.1.742.1842 Api: 1.0.0 Node: 0.10.33 Onvif: 0.1.1.47 Summary: The Brickstream...

KORA 2.7.0 - cid SQL Injection

KORA 2.7.0 - cid SQL Injection Exploit Title: KORA 2.7.0 - SQL Injection Dork: N/A Date: 2018-10-13 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.matrix.msu.edu/ Software Link: https://sourceforge.net/projects/kora/files/latest/download Version: 2.7.0 Category: Webapps Tested on:...

MaxOn ERP Software 8.x-9.x - nomor SQL Injection

MaxOn ERP Software 8.x-9.x - nomor SQL Injection Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...

Phoenix Contact WebVisit 2985725 - Authentication Bypass

Phoenix Contact WebVisit 2985725 - Authentication Bypass Exploit Title: Phoenix Contact WebVisit 2985725 - Authentication Bypass Date: 2018-09-30 Exploit Author: Deneut Tijl Vendor Homepage: www.phoenixcontact.com Software Link:...

CAMALEON CMS 2.4 - Cross-Site Scripting

CAMALEON CMS 2.4 - Cross-Site Scripting Exploit Title: CAMALEON CMS 2.4 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: http://camaleon.tuzitio.com/ Software Link : https://github.com/owen2345/camaleon-cms Software : CAMALEON CMS Version : 2.4 Vulernabilit...

D-Link Routers - Plaintext Password

D-Link Routers - Plaintext Password Password stored in plaintext CVE: CVE-2018-10824 Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...

D-Link Routers - Directory Traversal

D-Link Routers - Directory Traversal Directory Traversal CVE: CVE-2018-10822 CVSS v3: 8.6 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N Description: Directory traversal vulnerability in the web interface on D-Link routers: DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through...

HaPe PKH 1.1 - Arbitrary File Upload

HaPe PKH 1.1 - Arbitrary File Upload Exploit Title: HaPe PKH 1.1 - Arbitrary File Upload Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Test...