41207 matches found
SEIG Modbus 3.4 - Remote Code Execution
SEIG Modbus 3.4 - Remote Code Execution Title: SEIG Modbus 3.4 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting
WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Exploit Title: WordPress Plugin Tagregator 0.6 - Cross-Site Scripting Date: 2018-05-05 Exploit Author: ManhNho Vendor Homepage: https://wordpress.org/plugins/tagregator/ Software Link: https://downloads.wordpress.org/plugin/tagregator.0.6.zip...
SEIG SCADA System 9 - Remote Code Execution
SEIG SCADA System 9 - Remote Code Execution Title: SEIG SCADA SYSTEM 9 - Remote Code Execution Author: Alejandro Parodi Date: 2018-08-17 Vendor Homepage: https://www.schneider-electric.com Software Link:...
ADM 3.1.2RHG1 - Remote Code Execution
ADM 3.1.2RHG1 - Remote Code Execution Title: Asustor ADM 3.1.2RHG1 - Remote Code Execution Author: Matthew Fulton & Kyle Lovett Date: 2018-07-01 Vendor Homepage: https://www.asustor.com/ Software Link: http://download.asustor.com/download/adm/X64G33.1.2.RHG1.img Version: = ADM 3.1.2RHG1 Tested on...
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl
Microsoft Edge Chakra JIT - ImplicitCallFlags Check Bypass with Intl / If the Intl object hasn't been initialized, access to any property of it will trigger the initialization process which will run Intl.js. The problem is that it runs Intl.js without caring about the ImplicitCallFlags flag. In t...
Microsoft Edge Chakra JIT - DictionaryPropertyDescriptor::CopyFrom Type Confusion
Microsoft Edge Chakra JIT - DictionaryPropertyDescriptor::CopyFrom Type Confusion / Here's the method. template template void DictionaryPropertyDescriptor::CopyFromDictionaryPropertyDescriptor& descriptor this-Attributes = descriptor.Attributes; this-Data = descriptor.Data ==...
CEWE Photoshow 6.3.4 - Denial of Service (PoC)
CEWE Photoshow 6.3.4 - Denial of Service PoC Exploit Title: CEWE Photoshow 6.3.4 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-17 Homepage: https://cewe-photoworld.com/ Software Link: https://cewe-photoworld.com/creator-software/windows-download Tested Version: 6.3...
Mikrotik WinBox 6.42 - Credential Disclosure (golang)
Mikrotik WinBox 6.42 - Credential Disclosure golang / Title: Mikrotik WinBox 6.42 - Credential Disclosure golang edition Author: Maxim Yefimenko @slider Date: 2018-08-06 Software Link: https://mikrotik.com/download Vendor Page: https://www.mikrotik.com/ Version: 6.29 - 6.42 Tested on: Fedora 28 ...
Microsoft Edge Chakra JIT - InlineArrayPush Type Confusion
Microsoft Edge Chakra JIT - InlineArrayPush Type Confusion / This is similar to issue 1531. The patch seems to prevent type confusion triggered from StElemIA instructions. But the SetItem method can also be invoked through the Array.prototype.push method which can be inlined. We can achieve typ...
Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion
Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion // PoC: async function triggera = class b await 1 let spray = ; for let i = 0; i 0016 SetHomeObj R13 R14 001b NewScObjectSimple R9 001d ProfiledStFld R9.value = R2 1 0021 ProfiledStFld R9.done = R4 2 0025 Yield R9 R9...
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion
Microsoft Edge Chakra JIT - InitializeNumberFormat and InitializeDateTimeFormat Type Confusion / The InitializeNumberFormat function in Intl.js is used to initialize an Intl.NumberFormat object, and InitializeDateTimeFormat is used for an Intl.DateTimeFormat object. There are two versions of each...
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery
Pimcore 5.2.3 - SQL Injection Cross-Site Scripting Cross-Site Request Forgery SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection, XSS & CSRF vulnerabilities product: Pimcore vulnerable version: 5.2.3 and bel...
WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData() Buffer Overflow (PoC)
WebkitGTK+ 2.20.3 - ImageBufferCairo::getImageData Buffer Overflow PoC Exploit Title: WebkitGTK+ 2.20.3 - 'ImageBufferCairo::getImageData' Buffer Overflow PoC Date: 2018-08-15 Exploit Author: PeregrineX Vendor Homepage: https://webkitgtk.org/ & https://webkit.org/wpe/ Software Link:...
OpenSSH 2.3 7.7 - Username Enumeration (PoC)
OpenSSH 2.3 7.7 - Username Enumeration PoC !/usr/bin/env python Copyright c 2018 Matthew Daley Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files the "Software", to deal in the Software without restriction, including...
TP-Link WR840N 0.9.1 3.16 - Denial of Service (PoC)
TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Title: TP-Link WR840N 0.9.1 3.16 - Denial of Service PoC Exploit Author: Aniket Dinda Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q...
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection
WordPress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Title: Wordpress Plugin Export Users to CSV 1.1.1 - CSV Injection Exploit Author: Javier Olmedo Website: https://hackpuntes.com Date: 2018-08-14 Google Dork: N/A Vendor: Matt Cromwell Software Link:...
OpenEMR 5.0.1.3 - (Authenticated) Arbitrary File Actions
OpenEMR 5.0.1.3 - Authenticated Arbitrary File Actions Exploit Title: OpenEMR 5.0.1.3 - Arbitrary File Actions Date: 2018-08-14 Exploit Author: Joshua Fam Twitter : @Insecurity Vendor Homepage: https://www.open-emr.org/ Software Link: https://github.com/openemr/openemr/archive/v5013.tar.gz Versio...
ObserverIP Scan Tool 1.4.0.1 - Denial of Service (PoC)
ObserverIP Scan Tool 1.4.0.1 - Denial of Service PoC Exploit Title: ObserverIP Scan Tool 1.4.0.1 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link:...
Central Management Software 1.4.13 - Denial of Service (PoC)
Central Management Software 1.4.13 - Denial of Service PoC Exploit Title: Central Management Software v1.4.13 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-16 Homepage: https://www.ambientweather.com Software Link:...
JioFi 4G M2S 1.0.2 - Denial of Service (PoC)
JioFi 4G M2S 1.0.2 - Denial of Service PoC Exploit Title: JioFi 4G M2S 1.0.2 - Denial of Service PoC Exploit Author: Vikas Chaudhary Date: 2018-07-26 Vendor Homepage: https://www.jio.com/ Hardware Link:...
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution SQL Injection
ASUSTOR ADM 3.1.0.RFQ3 - Remote Command Execution SQL Injection Product - ASUSTOR ADM - 3.1.0.RFQ3 and all previous builds Vendor - https://www.asustor.com/ Patch Notes - http://download.asustor.com/download/docs/releasenotes/RNADM3.1.3.RHU2.pdf Issue: The Asustor NAS appliance on ADM 3.1.0 and...
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass
ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass Title: ASUS-DSL N10 1.1.2.2_17 - Authentication Bypass Author: AmnBAN team Date: 2018-08-06 Vendor Homepage: https://www.asus.com/Networking/DSLN10C1with5dBiantenna/ Software version: 1.1.2.2_17 CVE: N/A 1. Description: In ASUS-DSL N10 C1 modem Firmwar...
Cloudme 1.9 - Buffer Overflow (DEP) (Metasploit)
Cloudme 1.9 - Buffer Overflow DEP Metasploit Exploit Title: Cloudme 1.9 - Buffer Overflow DEP Metasploit Date: 2018-08-13 Exploit Author: Raymond Wellnitz Vendor Homepage: https://www.cloudme.com Version: 1.8.x/1.9.x Tested on: Windows 7 x64 CVE : 2018-6892 This module requires Metasploit:...
cgit 1.2.1 - Directory Traversal (Metasploit)
cgit 1.2.1 - Directory Traversal Metasploit Title: cgit 1.2.1 - Directory Traversal Metasploit Author: Dhiraj Mishra Software: cgit Link: https://git.zx2c4.com/cgit/ Date: 2018-08-14 CVE: CVE-2018-14912 This module exploits a directory traversal vulnerability which exists in cgit 'cgit Directory...
Wansview 1.0.2 - Denial of Service (PoC)
Wansview 1.0.2 - Denial of Service PoC Exploit Title: Wansview 1.0.2 - Denial of Service PoC Author: Gionathan "John" Reale Discovery Date: 2018-08-14 Software Link: http://www.wansview.com/uploads/soft/Wansviewv1.0.2.exe Tested Version: 1.0.2 Tested on OS: Windows 10 Steps to Reproduce: Run the...
Oracle Glassfish OSE 4.1 - Path Traversal (Metasploit)
Oracle Glassfish OSE 4.1 - Path Traversal Metasploit Exploit title: Oracle Glassfish OSE 4.1 - Path Traversal Metasploit Author: Dhiraj Mishra Date: 2018-08-14 Software: Oracle Glassfish Server OSE Version: 4.1 Software link: http://download.oracle.com/glassfish/4.1/release/glassfish-4.1.zip CVE:...
Microsoft DirectX SDK - Xact.exe Remote Code Execution
Microsoft DirectX SDK - Xact.exe Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DIRECTX-SDK-XACT.EXE-TROJAN-FILE-CODE-EXECUTION.txt + ISR: Apparition Security Greetz: indoushka | Eduardo...
Acunetix WVS 10.0 Build 20150623 - Denial of Service (PoC)
Acunetix WVS 10.0 Build 20150623 - Denial of Service PoC Exploit Title : Acunetix Web Vulnerability Scanner 10.0 Build 20150623 - Denial of Service PoC Discovery by: Javier Enrique Rodriguez Gutierrez Discovery Date : 2018-08-11 Vendor Homepage: https://www.acunetix.com Tested Version : 10.0...
Monitoring software iSmartViewPro 1.5 - SavePath for ScreenShots Buffer Overflow
Monitoring software iSmartViewPro 1.5 - SavePath for ScreenShots Buffer Overflow...
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service
PLC Wireless Router GPN2.4P21-C-CN - Denial of Service Exploit Title: PLC Wireless Router GPN2.4P21-C-CN Unauthenticated Remote Reboot Date: 8/12/2018 Exploit Author: Chris Rose Affected Model : GPN2.4P21-C-CN Firmware: W2001EN-00 Vendor: ChinaMobile Tested on: Debian Linux Shodan dork- title:PLC...
PostgreSQL 9.4-0.5.3 - Privilege Escalation
PostgreSQL 9.4-0.5.3 - Privilege Escalation Exploit Title: PostgreSQL 9.4-0.5.3 - Privilege Escalation Date: 2017-10-11 Exploit Author: Johannes Segitz Vendor Homepage: https://bugzilla.suse.com/showbug.cgi?id=1062722 Software Link: - Version: Before postgresql-init-9.4-0.5.3.1 Tested on: SUSE...
IP Finder 1.5 - Denial of Service (PoC)
IP Finder 1.5 - Denial of Service PoC Exploit Title: IP Finder 1.5 - Denial of Service PoC Author: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-12 Software Link: https://securimport.com/university/index.php/videovigilancia-ip/software/429-ip-finder Tested...
IBM Sterling B2B Integrator 5.2.0.15.2.6.3 - Cross-Site Scripting
IBM Sterling B2B Integrator 5.2.0.15.2.6.3 - Cross-Site Scripting Exploit Title: IBM Sterling B2B Integrator persistent cross-site scripting Exploit Author: Vikas Khanna https://www.linkedin.com/in/leetvikaskhanna/ https://twitter.com/MRSHANUKHANNA Vendor Homepage:...
Switch Port Mapping Tool 2.81.2 - Name Field Denial of Service (PoC)
Switch Port Mapping Tool 2.81.2 - Name Field Denial of Service PoC Exploit Title: Switch Port Mapping Tool 2.81.2 - 'Name Field' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-13 Vendor Homepage: https://switchportmapper.com/...
Android - Directory Traversal over USB via Injection in blkid Output
Android - Directory Traversal over USB via Injection in blkid Output When a USB mass storage device is inserted into an Android phone even if the phone is locked!, vold will attempt to automatically mount partitions from the inserted device. For this purpose, vold has to identify the partitions o...
Zimbra 8.6.0_GA_1153 - Cross-Site Scripting
Zimbra 8.6.0_GA_1153 - Cross-Site Scripting Exploit Title: Xss Zimbra Mail server Google Dork: Date: 2018/08/10 Exploit Author: Dinbar78 Vendor Homepage: https://www.zimbra.com/ Version: 8.6.0_GA_1153 build 20141215151110 bug 103609 or CVE-2016-3411 Payload: es. https://...
MyBB Thank YouLike Plugin 3.0.0 - Cross-Site Scripting
MyBB Thank YouLike Plugin 3.0.0 - Cross-Site Scripting Exploit Title: MyBB Thank You/Like Plugin 3.0.0 - Cross-Site Scripting Date: 8/1/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=360 Version: 3.0.0 Tested on: Ubuntu...
iSmartViewPro 1.5 - Password Buffer Overflow
iSmartViewPro 1.5 - Password Buffer Overflow Exploit Title: iSmartViewPro 1.5 - 'Password' Buffer Overflow Discovery by: Javier Enrique Rodriguez Gutierrez Discovery Date: 2018-08-09 Vendor Homepage: https://securimport.com/ Software Link:...
MyBB Like Plugin 3.0.0 - Cross-Site Scripting
MyBB Like Plugin 3.0.0 - Cross-Site Scripting Exploit Title: MyBB Like Plugin 3.0.0 - Cross-Site Scripting Date: 2018-08-01 Author: 0xB9 Twitter: @0xB9Sec Software Link: https://community.mybb.com/mods.php?action=view&pid=360 Version: 3.0.0 Tested on: Ubuntu 18.04 CVE: N/A 1. Description: This...
Linux Kernel 4.14.7 (Ubuntu 16.04 CentOS 7) - (KASLR SMEP Bypass) Arbitrary File Read
Linux Kernel 4.14.7 Ubuntu 16.04 CentOS 7 - KASLR SMEP Bypass Arbitrary File Read // A proof-of-concept exploit for CVE-2017-18344. // Includes KASLR and SMEP bypasses. No SMAP bypass. // No support for 1 GB pages or 5 level page tables. // Tested on Ubuntu xenial 4.4.0-116-generic and...
Soroush IM Desktop App 0.17.0 - Authentication Bypass
Soroush IM Desktop App 0.17.0 - Authentication Bypass Exploit Title: Soroush IM Desktop App 0.17.0 - Authentication Bypass Date: 2018-08-08 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: http://54.36.43.176/SoroushSetup0.17.0.exe Version: 0.17.0 BETA Tested on...
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Information Disclosure)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Information Disclosure Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Information Disclosure Date: 2018-08-09 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3...
reSIProcate 1.10.2 - Heap Overflow
reSIProcate 1.10.2 - Heap Overflow ''' CVE ID: CVE-2018-12584 TIMELINE Bug report with test code sent to main reSIProcate developers: 2018-06-15 Patch created by Scott Godin: 2018-06-18 CVE ID assigned: 2018-06-19 Patch committed to reSIProcate repository: 2018-06-21 Advisory first published on...
Mikrotik WinBox 6.42 - Credential Disclosure (Metasploit)
Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Exploit Title: Mikrotik WinBox 6.42 - Credential Disclosure Metasploit Date: 2018-05-21 Exploit Authors: Omid Shojaei @Dmitriyarea51, Dark VoidSeeker, Alireza Mosajjal Vendor Page: https://www.mikrotik.com/ Software Link:...
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery (Remote Reboot)
TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Remote Reboot Exploit Title: TP-Link C50 Wireless Router 3 - Cross-Site Request Forgery Remote Reboot Date: 2018-08-09 Exploit Author: Wadeek Vendor Homepage: https://www.tp-link.com/ Hardware Version: Archer C50 v3 00000001 Firmware Link...
TP-Link Wireless N Router WR840N - Denial of Service (PoC)
TP-Link Wireless N Router WR840N - Denial of Service PoC Exploit Title:- TP-Link Wireless N Router WR840N - Denial of Service PoC Date: 2018-08-05 Vendor Homepage: https://www.tp-link.com/ Hardware Link: https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version:...
iSmartViewPro 1.5 - Account Buffer Overflow
iSmartViewPro 1.5 - Account Buffer Overflow Exploit Title: iSmartViewPro 1.5 - 'Account' Buffer Overflow Discovery by: Alan Joaquín Baeza Meza Discovery Date: 2018-08-07 Vendor Homepage: http://www.securimport.com/n/en/ Software Link:...
iSmartViewPro 1.5 - Device Alias Buffer Overflow
iSmartViewPro 1.5 - Device Alias Buffer Overflow Exploit Title: iSmartViewPro 1.5 - 'Device Alias' Buffer Overflow Author: Rodrigo Eduardo Rodriguez Discovery Date: 2018-08-07 Vendor Homepage: https://securimport.com/ Software Link:...
osTicket 1.10.1 - Arbitrary File Upload
osTicket 1.10.1 - Arbitrary File Upload Exploit Title: osTicket 1.10.1 - Arbitrary File Upload Exploit Author: r3j10r Rajwinder Singh Date: 2018-08-08 Vendor Homepage: http://osticket.com/ Software Link: http://osticket.com/download Version: osTicket v1.10.1 CVE-2017-15580 Vulnerability Details:...
LG-Ericsson iPECS NMS 30M - Directory Traversal
LG-Ericsson iPECS NMS 30M - Directory Traversal Exploit Title: LG-Ericsson iPECS NMS 30M - Directory Traversal Shodan Dork: iPECS CM Exploit Author: Safak Aslan Software Link: www.ipecs.com Version: 30M-B.2Ia and 30M-2.3Gn Authentication Required: No Tested on: Linux CVE: N/A Description The...