Snes9K 0.0.9z - Denial of Service (PoC)

Snes9K 0.0.9z - Denial of Service PoC Exploit Title: Snes9K 0.0.9z - Denial of Service PoC Date: 2018-09-28 Exploit Author: crashmanucoot Vendor Homepage: https://sourceforge.net/projects/snes9k/ Software Link: https://sourceforge.net/projects/snes9k/files/latest/download Version: 0.0.9z Tested o...

WUZHICMS 2.0 - Cross-Site Scripting

WUZHICMS 2.0 - Cross-Site Scripting Title: WUZHICMS 2.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-10-01 Vendor: http://www.wuzhicms.com Software: WUZHICMS 2.0 CVE: CVE-2018-17832 Technical Details & Description: A Cross Site Scripting vulnerability has been discovered in th...

H2 Database 1.4.196 - Remote Code Execution

H2 Database 1.4.196 - Remote Code Execution Exploit Title: H2 Database 1.4.196 - Remote Code Execution Google Dork: N/A Date: 2018-09-24 Exploit Author: h4ckNinja Vendor Homepage: https://www.h2database.com/ Software Link: http://www.h2database.com/h2-2018-03-18.zip Version: 1.4.196 and 1.4.197...

Flippa Marketplace Clone 1.0 - date_started SQL Injection

Flippa Marketplace Clone 1.0 - datestarted SQL Injection Exploit Title: Flippa Marketplace Clone 1.0 - 'datestarted' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/15 Version: 1.0...

Binary MLM Software 1.0 - pid SQL Injection

Binary MLM Software 1.0 - pid SQL Injection Exploit Title: Binary MLM Software 1.0 - 'pid' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://mlmsoftwarez.in/ Software Link: http://mlmdemo.biz/binary/root.html Version: 1.0 Category: Webapps Tested on:...

Zahir Enterprise Plus 6 build 10b - Buffer Overflow (SEH)

Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Exploit Title: Zahir Enterprise Plus 6 build 10b - Buffer Overflow SEH Google Dork: - Date: 2018-09-28 Exploit Author: modpr0be Vendor Homepage: http://www.zahiraccounting.com/ Software Link:...

Hotel Booking Engine 1.0 - h_room_type SQL Injection

Hotel Booking Engine 1.0 - hroomtype SQL Injection Exploit Title: Hotel Booking Engine 1.0 - 'hroomtype' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-10-01 Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/35 Version: 1.0 Category:...

Billion ADSL Router 400G 20151105641 - Cross-Site Scripting

Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Exploit Title: Billion ADSL Router 400G 20151105641 - Cross-Site Scripting Author: Cakes Discovery Date: 2018-09-30 Vendor Homepage: http://www.billion.com Software Link: http://billionfirmware.co.za Tested Version: 20151105641 Tested on...

ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting

ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Exploit Title: ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/asset-explorer/...

Fork CMS 5.4.0 - Cross-Site Scripting

Fork CMS 5.4.0 - Cross-Site Scripting Exploit Title: Fork CMS 5.4.0 - Cross-Site Scripting Date: 2018-09-26 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.fork-cms.com/ Software Link : https://github.com/forkcms/forkcms Software : Fork 5.4.0 Product Version: 5.4.0 Vulernability Type...

Singleleg MLM Software 1.0 - msg_id SQL Injection

Singleleg MLM Software 1.0 - msgid SQL Injection Exploit Title: Singleleg MLM Software 1.0 - 'msgid' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://mlmsoftwarez.in/ Software Link: http://mlmdemo.biz/singleleg/root.html Software Link:...

Education Website 1.0 - subject SQL Injection

Education Website 1.0 - subject SQL Injection Exploit Title: Education Website 1.0 - 'subject' SQL Injection Dork: N/A Date: 2018-10-01 Exploit Author: Ihsan Sencan Vendor Homepage: http://scriptzee.com/ Software Link: http://scriptzee.com/products/details/34 Version: 1.0 Category: Webapps Tested...

PCProtect 4.8.35 - Privilege Escalation

PCProtect 4.8.35 - Privilege Escalation Exploit Title: PCProtect 4.8.35 - Privilege Escalation Date: 2018-09-11 Exploit Author: Hashim Jawad - @ihack4falafel Vendor Homepage: https://www.pcprotect.com/ Vulnerable Software: https://www.pcprotect.com/download Tested on: Windows 7 Enterprise SP1 x64...

Rausoft ID.prove 2.95 - Username SQL injection

Rausoft ID.prove 2.95 - Username SQL injection Exploit Title: Rausoft ID.prove 2.95 - 'Username' SQL injection Google Dork: inurl:IdproveWebclient Date: 2018-09-26 Exploit Author: Ilya Timchenko, Mercedes pay S.A. Vendor Homepage: https://www.idprove.de Software Link:...

iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection

iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection Exploit Title: iWay Data Quality Suite Web Console 10.6.1.ga-2016-11-20 – XML External Entity Injection Google Dork: N/A Date: 2018-09-27 Exploit Author: Sureshbabu Narvaneni Author Blog : https://nullnews.in Vendor...

ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting

ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Exploit Title: ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting Date: 2018-09-11 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link :...

EE 4GEE Mini EE40_00_02.00_44 - Privilege Escalation

EE 4GEE Mini EE400002.0044 - Privilege Escalation Title: EE 4GEE Mini EE400002.0044 - Privilege Escalation Date: 2018-09-22 Software Version: EE400002.0044 Tested on: Windows 10 64-bit and Windows 7 64-bit Exploit Author: Osanda Malith Jayathissa @OsandaMalith Original Advisory:...

Microsoft Edge - Sandbox Escape

Microsoft Edge - Sandbox Escape 1. Content process - Privileged content process firststage.js When spawning a new Edge content process, its privilege is determined by its URL. This URL check is performed by the LCIEUrlPolicy::GetPICForPrivilegedInternalPage method in eModel.dll. The method calls...

CrossFont 7.5 - Denial of Service (PoC)

CrossFont 7.5 - Denial of Service PoC Exploit Title: CrossFont 7.5 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-26 Software Link: http://www.acutesystems.com/cfnt/cfsetup.exe Tested Version: 7.5 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...

Linux Kernel 2.6.x 3.10.x 4.14.x (RedHat Debian CentOS) (x64) - Mutagen Astronomy Local Privilege Escalation

Linux Kernel 2.6.x 3.10.x 4.14.x RedHat Debian CentOS x64 - Mutagen Astronomy Local Privilege Escalation / EDB-Note: Systems with less than 32GB of RAM are unlikely to be affected by this issue, due to memory demands during exploitation. EDB Note: poc-exploit.c / / poc-exploit.c for CVE-2018-1463...

Linux Kernel - VMA Use-After-Free via Buggy vmacache_flush_all() Fastpath Local Privilege Escalation

Linux Kernel - VMA Use-After-Free via Buggy vmacacheflushall Fastpath Local Privilege Escalation Since commit 615d6e8756c8 "mm: per-thread vma caching", first in 3.15, Linux has per-task VMA caches that contain up to four VMA pointers for fast lookup. VMA caches are invalidated by bumping the...

TransMac 12.2 - Denial of Service (PoC)

TransMac 12.2 - Denial of Service PoC Exploit Title: TransMac 12.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-09-26 Software Link: http://www.acutesystems.com/tmac/tmsetup.exe Tested Version: 12.2 Tested on OS: Windows 7 32-bit Steps to Reproduce: Run the python...

Joomla! Component Collection Factory 4.1.9 - SQL Injection

Joomla! Component Collection Factory 4.1.9 - SQL Injection Exploit Title: Joomla! Component Collection Factory 4.1.9 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Joomla! Component Jobs Factory 2.0.4 - SQL Injection

Joomla! Component Jobs Factory 2.0.4 - SQL Injection Exploit Title: Joomla! Component Jobs Factory 2.0.4 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Joomla! Component Questions 1.4.3 - SQL Injection

Joomla! Component Questions 1.4.3 - SQL Injection Exploit Title: Joomla! Component Questions 1.4.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://extensiondeveloper.com/ Software Link:...

Joomla! Component Music Collection 3.0.3 - SQL Injection

Joomla! Component Music Collection 3.0.3 - SQL Injection Exploit Title: Joomla! Component Music Collection 3.0.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://joomlathat.com/ Software Link:...

Joomla Component eXtroForms 2.1.5 - filter_type_id SQL Injection

Joomla Component eXtroForms 2.1.5 - filtertypeid SQL Injection Exploit Title: Joomla Component eXtroForms 2.1.5 - 'filtertypeid' SQL Injection Dork: N/A Date: 2018-08-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://extro.media/ Software Link:...

Joomla! Component Timetable Schedule 3.6.8 - SQL Injection

Joomla! Component Timetable Schedule 3.6.8 - SQL Injection Exploit Title: Joomla! Component Timetable Schedule 3.6.8 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://osthemeclub.com/ Software Link:...

Joomla! Component Dutch Auction Factory 2.0.2 - filter_order_Dir SQL Injection

Joomla! Component Dutch Auction Factory 2.0.2 - filterorderDir SQL Injection Exploit Title: Joomla! Component Dutch Auction Factory 2.0.2 - 'filterorderDir' SQL Injection Dork: N/A Exploit Author: Ihsan Sencan Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Joomla! Component Social Factory 3.8.3 - SQL Injection

Joomla! Component Social Factory 3.8.3 - SQL Injection Exploit Title: Joomla! Component Social Factory 3.8.3 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Super Cms Blog Pro 1.0 - SQL Injection

Super Cms Blog Pro 1.0 - SQL Injection Exploit Title: Super Cms Blog Pro 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://coolscript.cf/ Software Link: https://www.codegrape.com/item/super-cms-blog-pro/22250 Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE:...

Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection

Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection Exploit Title: Joomla! Component Penny Auction Factory 2.0.4 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Easy PhoroResQ 1.0 - Buffer Overflow

Easy PhoroResQ 1.0 - Buffer Overflow...

RICOH MP C6503 Plus Printer - Cross-Site Scripting

RICOH MP C6503 Plus Printer - Cross-Site Scripting Exploit Title: RICOH MP C6503 Plus Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...

WebKit - WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free

WebKit - WebCore::RenderTreeBuilder::removeAnonymousWrappersForInlineChildrenIfNeeded Use-After-Free ::selection, input:focus, .class0, ul::first-letter -webkit-column-count: 85; float: left; function jsfuzzer var fuzzervars = ; try / / var00034 = document.getSelection; catche try...

WebKit - WebCore::Node::ensureRareData Use-After-Free

WebKit - WebCore::Node::ensureRareData Use-After-Free .class1 -webkit-mask-box-image-source: urlfoo; function freememory var a; forvar i=0;i100;i++ a = new Uint8Array10241024; document.implementation.createHTMLDocument"doc"; function jsfuzzer try var00097 = document.createElement"source"; catche...

Joomla! Component Swap Factory 2.2.1 - SQL Injection

Joomla! Component Swap Factory 2.2.1 - SQL Injection Exploit Title: Joomla! Component Swap Factory 2.2.1 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link:...

Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection

Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Exploit Title: Joomla! Component AlphaIndex Dictionaries 1.0 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: http://multiplanet.gr/ Software Link:...

Faleemi Desktop Software 1.8.2 - Device alias Local Buffer Overflow (SEH)

Faleemi Desktop Software 1.8.2 - Device alias Local Buffer Overflow SEH Exploit Title: Faleemi Desktop Software 1.8.2 - 'Device alias' Local Buffer Overflow SEH Author: Gionathan "John" Reale Discovey Date: 2018-09-25 Software Link: http://support.faleemi.com/fsc776/Faleemiv1.8.exe Tested Version...

Joomla! Component Raffle Factory 3.5.2 - SQL Injection

Joomla! Component Raffle Factory 3.5.2 - SQL Injection Exploit Title: Joomla! Component Raffle Factory 3.5.2 - SQL Injection Dork: N/A Date: 2018-09-24 Vendor Homepage: https://thephpfactory.com/ Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/raffle-factory/...

RICOH MP C2003 Printer - Cross-Site Scripting

RICOH MP C2003 Printer - Cross-Site Scripting Exploit Title: RICOH MP C2003 Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...

WebKit - WebCore::SVGTRefElement::updateReferencedText Use-After-Free

WebKit - WebCore::SVGTRefElement::updateReferencedText Use-After-Free function freememory forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69919==ERROR: AddressSanitizer:...

RICOH MP C406Z Printer - Cross-Site Scripting

RICOH MP C406Z Printer - Cross-Site Scripting Exploit Title: RICOH MP C406Z Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...

WebKit - WebCore::RenderLayer::updateDescendantDependentFlags Use-After-Free

WebKit - WebCore::RenderLayer::updateDescendantDependentFlags Use-After-Free htmlvar00005, noframes, diplay: inline; padding-top: 0vw; -webkit-column-count: 41; transition-delay: body::first-letter box-flex-group: -webkit-background-size: contain; -webkit-opacity: 0.716727864979; htmlvar00001,...

WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free

WebKit - WebCore::RenderMultiColumnSet::updateMinimumColumnHeight Use-After-Free htmlvar00002, htmlvar00006 column-span: all; :root 1px; position: fixed; -webkit-column-width: 1px; .class2 text-indent: -webkit-shape-margin: 0px; -webkit-writing-mode: vertical-rl; '.' defselement, .class8 display:...

RICOH MP 305+ Printer - Cross-Site Scripting

RICOH MP 305+ Printer - Cross-Site Scripting Exploit Title: RICOH MP 305+ Printer - Cross-Site Scripting Date: 2018-09-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link:...

WebKit - WebCore::SVGTextLayoutAttributes::context Use-After-Free

WebKit - WebCore::SVGTextLayoutAttributes::context Use-After-Free tref, feMerge, title inherit; float: right; none; 81em function jsfuzzer try var var00006 = htmlvar00002.getSVGDocument; catche try var var00162 = document.head; catche try htmlvar00015.setSelectionRange2,56; catche try...

WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free

WebKit - WebCore::SVGAnimateElementBase::resetAnimatedType Use-After-Free function eventhandler2 try var var00138 = svgvar00013.parentNode; catche try htmlvar00006.setAttribute"onfocusin", "eventhandler2"; catche try svgvar00001.aftervar00138; catche function eventhandler5 try...

WebKit - WebCore::AXObjectCache::handleMenuItemSelected Use-After-Free

WebKit - WebCore::AXObjectCache::handleMenuItemSelected Use-After-Free function jsfuzzer var a; forvar i=0;i !-- ================================================================= ASan log: ================================================================= ==69238==ERROR: AddressSanitizer:...

Joomla! Component Responsive Portfolio 1.6.1 - filter_order_Dir SQL Injection

Joomla! Component Responsive Portfolio 1.6.1 - filterorderDir SQL Injection Exploit Title: Joomla! Component Responsive Portfolio 1.6.1 - 'filterorderDir' SQL Injection Dork: N/A Date: 2018-09-25 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://extro.media/ Software Link:...