41207 matches found
Tenda ADSL Router D152 - Cross-Site Scripting
Tenda ADSL Router D152 - Cross-Site Scripting Exploit Title: Tenda D152 ADSL Router - Cross-Site Scripting Exploit Author: Sandip Dey Date: 2018-07-21 Vendor Homepage: http://www.tendacn.com Hardware Link:...
RPi Cam Control 6.4.25 - preview.php Remote Command Execution
RPi Cam Control 6.4.25 - preview.php Remote Command Execution !/usr/bin/python import sys import requests import os import re import readline def usage: print "\nRPi Cam Web Interface Exploit\n" print "Usage: %s http://host/path/to/preview.php \n" % sys.argv0 print "Options: " print " -h, --help...
iSmartViewPro 1.5 - DDNS Buffer Overflow
Logicspice FAQ Script 2.9.7 - Remote Code Execution
Logicspice FAQ Script 2.9.7 - Remote Code Execution Exploit Title: Logicspice FAQ Script 2.9.7 - Remote Code Execution Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.logicspice.com/products/faq-script Software Link:...
PHP File Browser Script 1 - Directory Traversal
PHP File Browser Script 1 - Directory Traversal Exploit Title: PHP File Browser Script 1 - Directory Traversal Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/file-browser.php Software...
Simple POS 4.0.24 - columns[0][search][value] SQL Injection
Simple POS 4.0.24 - columns0searchvalue SQL Injection Exploit Title: Simple POS 4.0.24 - 'columns0searchvalue' SQL Injection Google Dork: N/A Date: 2018-08-31 Exploit Author: Renos Nikolaou Software Link: https://codecanyon.net/item/simple-pos-point-of-sale-made-easy/3947976 Vendor Homepage:...
mooSocial Store Plugin 2.6 - SQL Injection
mooSocial Store Plugin 2.6 - SQL Injection Exploit Title: mooSocial Store Plugin 2.6 - SQL Injection Exploit Author: Andrea Bocchetti Date: 2018-08-28 Google Dork: N/A - Vendor: https://moosocial.com/product/store-plugins/ Software Link: https://moosocial.com/product/store-plugins/ Demo URL:...
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - Server address Denial of Service (PoC)
Trend Micro Virtual Mobile Infrastructure 5.5.1336 - Server address Denial of Service PoC Exploit Title: Trend Micro Virtual Mobile Infrastructure 5.5.1336 - 'Server address' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-01 Vendor Homepage:...
Symantec Mobile Encryption for iPhone 2.1.0 - Server Denial of Service (PoC)
Symantec Mobile Encryption for iPhone 2.1.0 - Server Denial of Service PoC Exploit Title: Symantec Mobile Encryption for iPhone 2.1.0 - 'Server' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-09-02 Vendor Homepage: https://www.symantec.com/ Software Link:...
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Exploit Title: Admidio 3.3.5 - Cross-Site Request Forgery Change Permissions Author: Nawaf Alkeraithe Date: 2018-09-01 Vendor Homepage: https://www.admidio.org/ Software Link:...
Visual Ping 0.8.0.0 - Host Denial of Service (PoC)
Visual Ping 0.8.0.0 - Host Denial of Service PoC Exploit Title: Visual Ping 0.8.0.0 - 'Host' Denial of Service PoC Date: 2018-08-30 Exploit Author: Uriel Corral Salinas Vendor Homepage: http://www.itlights.com Software Link: http://www.scanwith.com/download/FreeVisualPing.htm Version: Free Visual...
D-Link DIR-615 - Denial of Service (PoC)
D-Link DIR-615 - Denial of Service PoC Exploit Title: D-Link DIR-615 - Denial of Service PoC Date: 2018-08-09 Vendor Homepage: http://www.dlink.co.in Hardware Link: https://www.amazon.in/D-Link-DIR-615-Wireless-N300-Router-Black/dp/B0085IATT6 Version: D-Link DIR-615 Category: Hardware Exploit...
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service (PoC)
Microsoft Windows Explorer Out-of-Bound Read - Denial of Service PoC Exploit Title: Microsoft Windows Explorer Out-of-Bound read - Denial of Service PoC Date: 2018-09-01 Exploit Author: Ghaaf Vendor Homepage: http://www.microsoft.com Version: Windows 7x86/x64 Tested on: 6.1.7601 Service Pack 1...
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection
FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection Title: FsPro Labs Event Log Explorer v4.6.1.2115 - XML External Entity Injection Author: hyp3rlinx Date: 2018-09-01 Vendor: www.eventlogxp.com Software: https://eventlogxp.com/download.php Affected Component: elex.exe CVE:...
Wikipedia 12.0 - Denial of Service (PoC)
Wikipedia 12.0 - Denial of Service PoC Exploit Title: Wikipedia 12.0 - Denial of Service PoC Date: 9/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://www.microsoft.com/en-us/p/wikipedia/9wzdncrfhwm4?activetab=pivot%3aoverviewtab Version: 12.0 Tested on: Windows 10...
VSAXESS V2.6.2.70 build 20171226_053 - Nickname Denial of Service (PoC)
VSAXESS V2.6.2.70 build 20171226053 - Nickname Denial of Service PoC Exploit Title: VSAXESS V2.6.2.70 build20171226053 - 'Nickname' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-08-31 Vendor Homepage: https:https://www.visionistech.com/en/home/ Software Link:...
Online Quiz Maker 1.0 - catid SQL Injection
Online Quiz Maker 1.0 - catid SQL Injection Exploit Title: Online Quiz Maker 1.0 - 'catid' SQL Injection Dork: N/A Date: 2018-09-03 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://www.hscripts.com/scripts/php/quiz-maker.php Software...
Argus Surveillance DVR 4.0.0.0 - Privilege Escalation
Acunetix WVS Reporter 10.0 - Denial of Service (PoC)
Acunetix WVS Reporter 10.0 - Denial of Service PoC Exploit Title: Acunetix WVS Reporter 10.0 - Denial of Service PoC Exploit Author: Ali Alipour Date: 2018-08-22 Vendor Homepage : https://www.acunetix.com/ Tested on : Windows 10 - 64-bit Steps to Reproduce Run the python exploit script, it will...
Vox TG790 ADSL Router - Cross-Site Scripting
Vox TG790 ADSL Router - Cross-Site Scripting Title: Vox TG790 ADSL Router - Cross-Site Scripting Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper user input management low privilege users are ab...
DamiCMS 6.0.0 - Cross-Site Request Forgery (Change Admin Password)
DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Exploit Title: DamiCMS 6.0.0 - Cross-Site Request Forgery Change Admin Password Author: AutismJH Date: 2018-08-30 Vendor Homepage: https://github.com/731276192/damicms Software Link: https://github.com/731276192/damicms Version: 6.0...
Nord VPN 6.14.31 - Denial of Service (PoC)
Nord VPN 6.14.31 - Denial of Service PoC Exploit Title: Nord VPN = 6.14.31 - Denial of Service PoC Exploit Author : L0RD borna nematzadeh Contact: [email protected] Date: 2018-08-30 Vendor Homepage : https://nordvpn.com Software link: https://nordvpn.com/download/ Version: = 6.14.31...
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal
Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Directory Traversal Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link:...
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - Username Denial of Service (PoC)
NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - Username Denial of Service PoC Exploit Title: NetworkActiv Web Server 4.0 Pre-Alpha-3.7.2 - 'Username' Denial of Service PoC Discovery by: Victor Mondragón Discovery Date: 2018-08-30 Vendor Homepage: https://www.networkactiv.com/WebServer.html Softwar...
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting
Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Exploit Title: Cybrotech CyBroHttpServer 1.0.3 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Emre ÖVÜNÇ Vendor Homepage: http://www.cybrotech.com/ Software Link:...
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting
WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Exploit Title: WordPress Plugin Quizlord 2.0 - Cross-Site Scripting Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/quizlord.zip Version: 2.0 Tested on: Kali Linux CVE: N/A Description :...
DLink DIR-601 - Credential Disclosure
DLink DIR-601 - Credential Disclosure Exploit Title: DLink DIR-601 - Credential Disclosure Google Dork: N/A Date: 2018-06-24 Exploit Author: Kevin Randall Vendor Homepage: https://www.dlink.com Software Link: N/A Version: Firmware: 2.02NA Hardware Version B1 Tested on: Windows 10 + Mozilla Firefo...
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting
WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting Exploit Title: WordPress Plugin Jibu Pro 1.7 - Cross-Site Scripting Google Dork: inurl:"/wp-content/plugins/jibu-pro" Date: 2018-08-29 Exploit Author: Renos Nikolaou Software Link: https://downloads.wordpress.org/plugin/jibu-pro.1.7.zip Version...
Drive Power Manager 1.10 - Denial Of Service (PoC)
Drive Power Manager 1.10 - Denial Of Service PoC Exploit Title: Drive Power Manager 1.10 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v1.10 Tested on OS: Windo...
ipPulse 1.92 - TCP Port Denial of Service (PoC)
ipPulse 1.92 - TCP Port Denial of Service PoC Exploit Title: ipPulse 1.92 - 'TCP Port' Denial of Service PoC Discovery by: Diego Santamaria Discovery Date: 2018-08-28 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link: http://download.netscantools.com/ipls192.zip Tested...
Trillian 6.1 Build 16 - Sign In Denial of service (PoC)
Trillian 6.1 Build 16 - Sign In Denial of service PoC Exploit Title: Trillian 6.1 Build 16 - "Sign In" Denial of service PoC Discovery by: Jose Miguel Gonzalez Discovery Date: 2018-08-29 Vendor Homepage: https://www.trillian.im/ Software Link: https://www.trillian.im/download/ Tested Version: 6.1...
R 3.4.4 - Buffer Overflow (SEH)
R 3.4.4 - Buffer Overflow SEH Exploit Title: R v3.4.4 - SEH Buffer Overflow Exploit Exploit Author : ZwX Exploit Date: 2018-08-22 Vendor Homepage : https://www.r-project.org/ Tested on OS: Windows 7 Social: twitter.com/ZwX2a contact:...
Easy PhotoResQ 1.0 - Denial Of Service (PoC)
Easy PhotoResQ 1.0 - Denial Of Service PoC Exploit Title: Easy PhotoResQ 1.0 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v1.0 Tested on OS: Windows 7 32-bit...
phpMyAdmin 4.7.x - Cross-Site Request Forgery
phpMyAdmin 4.7.x - Cross-Site Request Forgery Exploit Title: phpMyAdmin 4.7.x - Cross-Site Request Forgery Date: 2018-08-28 Exploit Author: VulnSpy Vendor Homepage: https://www.phpmyadmin.net/ Software Link: https://www.phpmyadmin.net/downloads/ Version: Versions 4.7.x prior to 4.7.7 Tested on:...
SIPP 3.3 - Stack-Based Buffer Overflow
SIPP 3.3 - Stack-Based Buffer Overflow Exploit Author: Juan Sacco - http://exploitpack.com Tested on: Kali i686 GNU/Linux Description: SIPP 3.3 is prone to a local unauthenticated stack-based overflow The vulnerability is due to an improper filter of user supplied input while reading the...
NASA openVSP 3.16.1 - Denial of Service (PoC)
NASA openVSP 3.16.1 - Denial of Service PoC Exploit Title: NASA openVSP 3.16.1 - Denial of Service PoC Exploit Author : L0RD Date: 2018-08-28 Vendor Homepage : https://software.nasa.gov/software/LAR-17491-1 Software link: https://github.com/nasa/OpenVSP Version: 3.16.1 Tested on: Windows 10 CVE:...
Episerver 7 patch 4 - XML External Entity Injection
Episerver 7 patch 4 - XML External Entity Injection Exploit Title: Episerver 7 patch 4 - XML External Entity Injection Google Dork: N/A Date: 2018-08-28 Exploit Author: Jonas Lejon Vendor Homepage: https://www.episerver.se/ Version: Episerver 7 patch 4 and below CVE : N/A episploit.py - Blind XXE...
Fathom 2.4 - Denial Of Service (PoC)
Fathom 2.4 - Denial Of Service PoC Exploit Title: Fathom 2.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-28 Homepage: https://fathom.concord.org/ Software Link: https://fathom.concord.org/download/ Tested Version: v2.4 Tested on OS: Windows 7 32-bit Steps to...
Skype Empresarial Office 365 16.0.10730.20053 - Dirección de inicio de sesión Denial of service (PoC)
Skype Empresarial Office 365 16.0.10730.20053 - Dirección de inicio de sesión Denial of service PoC Exploit Title: Skype Empresarial Office 365 16.0.10730.20053 - 'Dirección de inicio de sesión' Denial of service PoC Discovery by: Samuel Cruz Discovery Date: 2018-08-29 Vendor Homepage:...
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure
Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Exploit Title: Eaton Xpert Meter 13.4.0.10 - SSH Private Key Disclosure Date: 2018-07-16 WebPage: https://CTRLu.net/ Vendor Homepage: http://www.eaton.com/ Vendor Advisory:...
Cisco AnyConnect Secure Mobility Client 4.6.01099 - Introducir URL Denial of Service (PoC)
Cisco AnyConnect Secure Mobility Client 4.6.01099 - Introducir URL Denial of Service PoC Exploit Title: Cisco AnyConnect Secure Mobility Client 4.6.01099 - 'Introducir URL' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-29 Vendor Homepage: https://www.cisco.com/ Softwar...
Immunity Debugger 1.85 - Denial of Service (PoC)
Immunity Debugger 1.85 - Denial of Service PoC Exploit Title: Immunity Debugger 1.85 - Denial of Service PoC Author: Gionathan "John" Reale Date: 2018-08-28 Homepage: https://www.immunityinc.com/ Software Link: https://www.immunityinc.com/products/debugger/index.html Tested Version: v1.85 Tested ...
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 - Directory Traversal Exploit: Argus Surveillance DVR 4.0.0.0 - Directory Traversal Author: John Page aka hyp3rlinx Date: 2018-08-28 Vendor: www.argussurveillance.com Software Link: http://www.argussurveillance.com/download/DVRstp.exe CVE: N/A Description: Argus...
HD Tune Pro 5.70 - Denial of Service (PoC)
HD Tune Pro 5.70 - Denial of Service PoC Exploit Title: HD Tune Pro 5.70 - Denial Of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-29 Homepage: https://www.hdtune.com/ Software Link: https://www.hdtune.com/download.html Tested Version: v5.70 Tested on OS: Windows 7 32-bit Step...
Cisco Network Assistant 6.3.3 - Cisco Login Denial of Service (PoC)
Cisco Network Assistant 6.3.3 - Cisco Login Denial of Service PoC Exploit Title: Cisco Network Assistant 6.3.3 - 'Cisco Login' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-27 Vendor Homepage: https://www.cisco.com/ Software Link :...
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free
Microsoft Windows - JScript RegExp.lastIndex Use-After-Free alert'start'; var vars = ; var r = new RegExp; forvar i=0; i20000; i++ varsi =...
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
Microsoft Windows - Advanced Local Procedure Call ALPC Local Privilege Escalation Note: PoC will now hijack the print spooler service - spoolsv.exe - as it required less code than hijacking printfilterpipelinesvc.exe, which was shown in the original video demo Description of the vulnerability The...
VirtualBox 5.2.6.r120293 - VM Escape
VirtualBox 5.2.6.r120293 - VM Escape Oracle fixed some of the issues I reported in VirtualBox during the Oracle Critical Patch Update - April 2018. CVE-2018-2844 was an interesting double fetch vulnerability in VirtualBox Video Acceleration VBVA feature affecting Linux hosts. VBVA feature works o...
Instagram App 41.1788.50991.0 - Denial of Service (PoC)
Instagram App 41.1788.50991.0 - Denial of Service PoC Exploit Title: Instagram App 41.1788.50991.0 - Denial of Service PoC Exploit Author : Ali Alipour Date: 2018-08-25 Vendor Homepage : https://www.instagram.com/ Software Link Download :...
Trend Micro Enterprise Mobile Security 2.0.0.1700 - Servidor Denial of Service (PoC)
Trend Micro Enterprise Mobile Security 2.0.0.1700 - Servidor Denial of Service PoC Exploit Title: Trend Micro Enterprise Mobile Security 2.0.0.1700 - 'Servidor' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-26 Vendor Homepage:...