41207 matches found
LUYA CMS 1.0.12 - Cross-Site Scripting
LUYA CMS 1.0.12 - Cross-Site Scripting Exploit Title: LUYA CMS 1.0.12 - Cross-Site Scripting Date: 2018-10-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://luya.io/ Software Link : https://github.com/luyadev/luya/ Software : LUYA CMS Version : 1.0.12 Vulnerability Type : Cross-site...
HaPe PKH 1.1 - id SQL Injection
HaPe PKH 1.1 - id SQL Injection Exploit Title: HaPe PKH 1.1 - 'id' SQL Injection Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download Version: 1.1 Category: Webapps Tested on:...
D-Link Routers - Command Injection
D-Link Routers - Command Injection Shell command injection CVE: CVE-2018-10823 CVSS v3: 9.1 AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Description: An issue was discovered on D-Link routers: DWR-116 through 1.06, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02,...
HaPe PKH 1.1 - Cross-Site Request Forgery (Update Admin)
HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Exploit Title: HaPe PKH 1.1 - Cross-Site Request Forgery Update Admin Dork: N/A Date: 2018-10-12 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.sitejo.id Software Link: https://sourceforge.net/projects/hape-pkh/files/latest/download...
SugarCRM 6.5.26 - Cross-Site Scripting
SugarCRM 6.5.26 - Cross-Site Scripting Exploit Title: SugarCRM 6.5.26 - Cross-Site Scripting Date: 2018-09-29 Exploit Author: Purplemet Security Author Website: https://www.purplemet.com/ Vendor Homepage: https://www.sugarcrm.com/ Software Link: https://sourceforge.net/projects/sugarcrm/ Version:...
WAGO 750-881 01.09.18 - Cross-Site Scripting
WAGO 750-881 01.09.18 - Cross-Site Scripting Exploit Title: WAGO 750-881 01.09.18 - Cross-Site Scripting Date: 2018-08-30 Exploit Author: SecuNinja @secuninja Vendor Homepage: wago.com Version: 01.09.1813 and earlier Affected Products: Ethernet Controller 750-881 - 01.09.1813, 01.08.01 10 CVE : N...
E-Registrasi Pencak Silat 18.10 - id_partai SQL Injection
E-Registrasi Pencak Silat 18.10 - id_partai SQL Injection Exploit Title: E-Registrasi Pencak Silat 18.10 - 'id_partai' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-11 Vendor Homepage: https://sourceforge.net/projects/eregistrasi-kejuaraan-silat/ Software Link:...
Phoenix Contact WebVisit 6.40.00 - Password Disclosure
Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Title: Phoenix Contact WebVisit 6.40.00 - Password Disclosure Exploit Author: Deneut Tijl Date: 2018-09-30 Vendor Homepage: www.phoenixcontact.com Software Link:...
jQuery-File-Upload 9.22.0 - Arbitrary File Upload
jQuery-File-Upload 9.22.0 - Arbitrary File Upload Title: jQuery-File-Upload 9.22.0 - Arbitrary File Upload Author: Larry W. Cashdollar, @larry0 Date: 2018-10-09 Vendor: https://github.com/blueimp Download Site: https://github.com/blueimp/jQuery-File-Upload/releases CVE-ID: N/A Vulnerability: The...
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xel XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xel' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software...
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com Software: SQL Server...
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection
Microsoft SQL Server Management Studio 17.9 - .xmla XML External Entity Injection Exploit Title: Microsoft SQL Server Management Studio 17.9 - '.xmla' XML External Entity Injection Date: 2018-10-10 Author: John Page aka hyp3rlinx Website: hyp3rlinx.altervista.org Vendor: www.microsoft.com...
Wikidforum 2.20 - Cross-Site Scripting
Wikidforum 2.20 - Cross-Site Scripting Exploit Title: Wikidforum 2.20 - Cross-Site Scripting Date: 2018-10-10 Exploit Author: Amir Hossein Mahboubi Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
FileZilla 3.33 - Buffer Overflow (PoC)
FileZilla 3.33 - Buffer Overflow PoC Exploit Title: FileZilla 3.33 Buffer-Overflow PoC Author: Kağan Çapar Discovery Date: 2018-10-10 Software Link: https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/filezilla/3.33.0-1/filezilla3.33.0-1.debian.tar.xz Vendor Homepage :...
MicroTik RouterOS 6.43rc3 - Remote Root
MicroTik RouterOS 6.43rc3 - Remote Root / Exploit Title: RouterOS Remote Rooting Date: 10/07/2018 Exploit Author: Jacob Baines Vendor Homepage: www.mikrotik.com Software Link: https://mikrotik.com/download Version: Longterm: 6.30.1 - 6.40.7 Stable: 6.29 - 6.42 Beta: 6.29rc1 - 6.43rc3 Tested on:...
WhatsApp - RTP Processing Heap Corruption
WhatsApp - RTP Processing Heap Corruption Heap corruption can occur when the WhatsApp mobile application receives a malformed RTP packet. 08-31 15:43:50.721 9428 9713 F libc : Fatal signal 11 SIGSEGV, code 1, fault addr 0x7104200000 in tid 9713 Thread-11 08-31 15:43:50.722 382 382 W : debuggerd:...
Ektron CMS 9.20 SP2 - Improper Access Restrictions
Ektron CMS 9.20 SP2 - Improper Access Restrictions Details ================ Software: Ektron Content Management System CMS Version: 9.20 SP2 Homepage: https://www.episerver.com Advisory report: https://github.com/alt3kx/CVE-2018-12596 CVE: CVE-2018-12596 CVSS: 7.5 HIGH:...
Wikidforum 2.20 - select_sort SQL Injection
Wikidforum 2.20 - select_sort SQL Injection Exploit Title: Wikidforum 2.20 - 'select_sort' SQL Injection Date: 2018-10-08 Exploit Author: Seccops - Siber Güvenlik Hizmetleri https://seccops.com Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Microsoft Edge Chakra JIT - Type Confusion
Microsoft Edge Chakra JIT - Type Confusion / The switch statement only handles Js::TypeIdsArray but not Js::TypeIdsNativeIntArray and Js::TypeIdsNativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances where...
Seqrite End Point Security 7.4 - Privilege Escalation
Seqrite End Point Security 7.4 - Privilege Escalation Exploit Title: Seqrite End Point Security 7.4 - Privilege Escalation Date: 2018-09-13 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.seqrite.com/ Tested on: Windows 7 Enterprise SP1 x64 CVE: CVE-2018-17775...
Wikidforum 2.20 - message_id SQL Injection
Wikidforum 2.20 - message_id SQL Injection Exploit Title: Wikidforum 2.20 - 'message_id' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-09 Vendor Homepage: https://sourceforge.net/projects/wikidforum/ Software Link:...
Microsoft Edge Chakra JIT - BailOutOnInvalidatedArrayHeadSegment Check Bypass
Microsoft Edge Chakra JIT - BailOutOnInvalidatedArrayHeadSegment Check Bypass / The BailOutOnInvalidatedArrayHeadSegment check uses the JavascriptArray::GetArrayForArrayOrObjectWithArray method to check whether the given object is an array. If it's not an array, it will decide to skip the check...
Free MP3 CD Ripper 2.8 - .wma Buffer Overflow (SEH) (DEP Bypass)
Free MP3 CD Ripper 2.8 - .wma Buffer Overflow SEH DEP Bypass Exploit Title: Free MP3 CD Ripper 2.8 - '.wma' Buffer Overflow SEH DEP Bypass Date: 2018-10-08 Exploit Author: Matteo Malvica Vendor: Cleanersoft Software Software Link:...
ghostscript - executeonly Bypass with errorhandler Setup
ghostscript - executeonly Bypass with errorhandler Setup While documenting bug 1675, I noticed another problem with errordict in ghostscript. Full working exploit that works in the last few versions is attached, viewing it in evince, imagemagick, gimp, okular, etc should add a line to /.bashrc...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - Information Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: FLIR Systems, Inc. Link: https://www.flir.com Tested on: nginx/1.12.1, nginx/1.10.2, nginx/1.8.0,...
net-snmp 5.7.3 - (Authenticated) Denial of Service (PoC)
net-snmp 5.7.3 - Authenticated Denial of Service PoC 2018-10-08 NET-SNMP REMOTE DOS =================== Second bug is remotely exploitable only with knowledge of the community string in this case "public" leading to Denial of Service: echo -...
Android - sdcardfs Changes current-fs Without Proper Locking
Android - sdcardfs Changes current-fs Without Proper Locking Tested on a Pixel 2 walleye: ro.build.abupdate: true ro.build.characteristics: nosdcard ro.build.date: Mon Jun 4 22:10:18 UTC 2018 ro.build.date.utc: 1528150218 ro.build.description: walleye-user 8.1.0 OPM2.171026.006.G1 4820017...
Imperva SecureSphere 13 - Remote Command Execution
Imperva SecureSphere 13 - Remote Command Execution Title: Imperva SecureSphere 13 - Remote Command Execution Author: rsp3ar Date: 2018-10-08 Vendor: https://www.imperva.com/products/securesphere/ CVE: N/A Version: 13.0.10, 13.1.10, 13.2.10 Tested on: SecureSphere Virtual Appliance Description PWS...
net-snmp 5.7.3 - (Unauthenticated) Denial of Service (PoC)
net-snmp 5.7.3 - Unauthenticated Denial of Service PoC Exploit Title: net-snmp 5.7.3 - Unauthenticated Denial of Service PoC Date: 2018-10-08 Exploit Author: Magnus Klaaborg Stubman Website: https://dumpco.re/blog/net-snmp-5.7.3-remote-dos Vendor Homepage: http://www.net-snmp.org/ Software Link:...
Linux - Kernel Pointer Leak via BPF
Linux - Kernel Pointer Leak via BPF / Commit 82abbf8d2fc46d79611ab58daa7c608df14bb3ee "bpf: do not allow root to mangle valid pointers", first in v4.15 included the following snippet: ========= @@ -2319,43 +2307,29 @@ static int adjustregminmaxvalsstruct bpfverifierenv env, if srcreg-type !=...
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure
FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure Exploit Title: FLIR Thermal Traffic Cameras 1.01-0bb5b27 - RTSP Stream Disclosure Author: Gjoko 'LiquidWorm' Krstic Date: 2018-10-06 Vendor: https://www.flir.com Link: https://www.flir.com/security/best-practices-for-cybersecurity...
Chamilo LMS 1.11.8 - firstname Cross-Site Scripting
Chamilo LMS 1.11.8 - firstname Cross-Site Scripting Exploit Title: Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-06 Vendor Homepage: https://chamilo.org Software Link:...
Git Submodule - Arbitrary Code Execution (PoC)
Git Submodule - Arbitrary Code Execution PoC These releases fix a security flaw CVE-2018-17456, which allowed an attacker to execute arbitrary code by crafting a malicious .gitmodules file in a project cloned with --recurse-submodules. When running "git clone --recurse-submodules", Git parses the...
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities
D-Link Central WiFiManager Software Controller 1.03 - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ D-Link Central WiFiManager Software Controller Multiple Vulnerabilities 1. Advisory Information Title: D-Link Central WiFiManager Software Controller...
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery Add Admin Exploit Title: Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery Add Admin Author: Cakes Discovery Date: 2018-10-01 Vendor Homepage: http://www.netis-systems.com Software Link:...
ISPConfig 3.1.13 - Remote Command Execution
ISPConfig 3.1.13 - Remote Command Execution Title: ISPConfig error'Invalid language.'; The regex checks if the language contains two lower-case characters. The problem is that everything that contains two a-z characters will match the regex. Developer probably missed the ^ $ on the regex to match...
Chamilo LMS 1.11.8 - Cross-Site Scripting
Chamilo LMS 1.11.8 - Cross-Site Scripting Exploit Title: Chamilo LMS 1.11.8 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-10-05 Vendor Homepage: https://chamilo.org Software Link: https://github.com/chamilo/chamilo-lms/releases/download/v1.11.8/chamilo-1.11.8-php5.zip Tested Version:...
LayerBB Forum 1.1.1 - search_query SQL Injection
LayerBB Forum 1.1.1 - search_query SQL Injection Exploit Title: LayerBB Forum 1.1.1 - 'search_query' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-04 Vendor Homepage: https://layerbb.com/ Software Link: https://demo.layerbb.com/ Version: 1.1.1 Category: Webapps Tested on:...
Cisco Prime Infrastructure - (Unauthenticated) Remote Code Execution
Cisco Prime Infrastructure - Unauthenticated Remote Code Execution This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco Prime Infrastructure Unauthenticated Remote Code Execution', 'Description...
virtualenv 16.0.0 - Sandbox Escape
virtualenv 16.0.0 - Sandbox Escape Exploit Title: virtualenv 16.0.0 - Sandbox Escape Date: 2018-10-02 Exploit Author: vrsystem Vendor Homepage: https://virtualenv.pypa.io/en/stable/ Software Link: https://virtualenv.pypa.io/en/stable/ Version: 16.0.0 Tested on: kali linux CVE : CVE-2018-17793 1...
NICO-FTP 3.0.1.19 - Buffer Overflow (SEH) (ASLR Bypass)
NICO-FTP 3.0.1.19 - Buffer Overflow SEH ASLR Bypass Title: NICO-FTP 3.0.1.19 - Buffer Overflow SEHASLR Date: 2018-10-04 Platforms: Windows Author: Miguel Mendez Z Vendor: Nico-FTP Version: 3.0.1.19 Tested on: Windows XPsp3 es/ Windows 7x86 eng !/usr/bin/python import struct Bad Byte:...
Zechat 1.5 - uname SQL Injection
Zechat 1.5 - uname SQL Injection Exploit Title: Zechat 1.5 - 'uname' SQL Injection Exploit Author: Ihsan Sencan Date: 2018-10-02 Dork: N/A Vendor Homepage: https://bylancer.com/ Software Link: https://bylancer.com/products/zechat-php-script/index.php Version: 1.5 Category: Webapps Tested on:...
Airties AIR5342 1.0.0.18 - Cross-Site Scripting
Airties AIR5342 1.0.0.18 - Cross-Site Scripting Exploit Title: Airties AIR5342 1.0.0.18 - Cross-Site Scripting Date: 25-09-2018 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.airties.com/ Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 Affected products: AIR534...
FTP Voyager 16.2.0 - Denial of Service (PoC)
FTP Voyager 16.2.0 - Denial of Service PoC Exploit Title: FTP Voyager 16.2.0 - Denial of Service PoC Author: Abdullah Alıç Discovery Date: 2018-10-2 Vendor notified : 2018-10-2 Homepage: https://www.serv-u.com/ Software Link: https://www.serv-u.com/ftp-voyager Tested Version: 16.2.0 Tested on OS:...
RICOH MP C1803 JPN Printer - Cross-Site Scripting
RICOH MP C1803 JPN Printer - Cross-Site Scripting Exploit Title: RICOH MP C1803 JPN Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link : https://www.ricoh.co.jp/mfp/mpc/1803/ Software : RICOH Printer Product Versio...
Joomla! Component Jimtawl 2.2.7 - id SQL Injection
Joomla! Component Jimtawl 2.2.7 - id SQL Injection Exploit Title: Joomla! Component Jimtawl 2.2.7 - 'id' SQL Injection Exploit Author: Ihsan Sencan Dork: N/A Date: 2018-10-03 Vendor Homepage: https://janguo.de/ Software Link:...
OPAC EasyWeb Five 5.7 - biblio SQL Injection
OPAC EasyWeb Five 5.7 - biblio SQL Injection Exploit Title: OPAC EasyWeb Five 5.7 - 'biblio' SQL Injection Dork: inurl:"index.php?scelta=campi" Date: 2018-10-02 Exploit Author: Dino Barlattani Vendor Homepage: http://www.nexusfi.it/ Software Link: http://www.nexusfi.it/easyweb.php Version: 5.7...
Coaster CMS 5.5.0 - Cross-Site Scripting
Coaster CMS 5.5.0 - Cross-Site Scripting Exploit Title: Coaster CMS 5.5.0 - Cross-Site Scripting Date: 2018-10-01 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.web-feet.co.uk/ Software Link : https://github.com/Web-Feet/coastercms Software : Coaster CMS Product Version: v5.5.0...
OPAC EasyWeb Five 5.7 - nome SQL Injection
OPAC EasyWeb Five 5.7 - nome SQL Injection Exploit Title: OPAC EasyWeb Five 5.7 - 'nome' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-02 Vendor Homepage: http://www.nexusfi.it/ Software Link: http://www.nexusfi.it/easyweb.php Version: 5.7 Category: Webapps Tested on:...
Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation
Linux Kernel 4.11.8 - mq_notify: double sock_put() Local Privilege Escalation / CVE-2017-11176: "mq_notify: double sock_put()" by LEXFO 2018. DISCLAIMER: The following code is for EDUCATIONAL purpose only. Do not use it on a system without authorizations. WARNING: The exploit WILL NOT work on your target...