41207 matches found
Core FTP 2.0 - XRMD Denial of Service (PoC)
Core FTP 2.0 - XRMD Denial of Service PoC Exploit Title: Core FTP 2.0 - 'XRMD' Denial of Service PoC Date: 2018-07-24 Exploit Author: Erik David Martin Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/server/download/CoreFTPServer.exe Version: Version 2.0, build 653,...
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass)
Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery Admin Bypass Exploit Title: Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18...
Kirby CMS 2.5.12 - Cross-Site Request Forgery (Delete Page)
Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page Exploit Title: Kirby CMS 2.5.12 - Cross-Site Request Forgery Delete Page Date: 2018-07-22 Exploit Author: Zaran Shaikh Version: 2.5.12 CVE: NA Category: Web Application 1. Description The application allows malicious HTTP requests to be...
GetGo Download Manager 6.2.1.3200 - Denial of Service (PoC)
GetGo Download Manager 6.2.1.3200 - Denial of Service PoC Exploit Title: GetGo Download Manager 6.2.1.3200 - Buffer Overflow Denial of Service Date: 2018-07-25 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2017-17849 Tested On: Windows 7 x86, Windows 10 x64 Details The...
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow (SEH)
10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow SEH Title: 10-Strike Bandwidth Monitor 3.7 - Local Buffer Overflow SEH Date: 2018-07-24 Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link:...
10-Strike LANState 8.8 - Local Buffer Overflow (SEH)
10-Strike LANState 8.8 - Local Buffer Overflow SEH Exploit Title: 10-Strike LANState 8.8 - Local Buffer Overflow SEH Date: 2018-07-24 Exploit Author: absolomb Vendor Homepage: https://www.10-strike.com/products.shtml Software Link: https://www.10-strike.com/lanstate/download.shtml Version 8.8...
Micro Focus Secure Messaging Gateway (SMG) 471 - Remote Code Execution (Metasploit)
Micro Focus Secure Messaging Gateway SMG 471 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "MicroFocus Secure Messaging Gateway Remote Code Execution",...
D-link DAP-1360 - Path Traversal Cross-Site Scripting
D-link DAP-1360 - Path Traversal Cross-Site Scripting Exploit Title: D-Link DAP-1360 File path traversal and Cross site scriptingreflected can lead to Authentication Bypass easily. Date: 20-07-2018 Exploit Author: r3m0t3nu11 Contact : http://twitter.com/r3m0t3nu11 Vendor : www.dlink.com Version:...
Nagios Core 4.4.1 - Denial of Service
Nagios Core 4.4.1 - Denial of Service Exploit Title: Nagios Core Multiple Local Denial of Service Date: 2018-07-09 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.nagios.org/ Software Link: https://www.nagios.org/downloads/nagios-core/ Version: 4.4.1 and earlier Tested on:...
Microsoft Windows - dnslint.exe Drive-By Download
Microsoft Windows - dnslint.exe Drive-By Download + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-DNSLINT.EXE-FORCED-DRIVE-BY-DOWNLOAD.txt + ISR: Apparition Security Greetz: indoushka | Eduardo Vendor...
Synology DiskStation Manager 4.1 - Directory Traversal
Synology DiskStation Manager 4.1 - Directory Traversal Exploit Title: Synology DiskStation Manager 4.1 - Directory Traversal Google Dork: N/A Date: 2018-07-21 Exploit Author: Berk Dusunur Vendor Homepage: https://www.synology.com Software Link: https://www.synology.com Version: v4.1 Tested on:...
NUUO NVRmini - upgrade_handle.php Remote Command Execution
NUUO NVRmini - upgrade_handle.php Remote Command Execution Exploit Title: NUUO NVR Unauthenticated Remote Code Execution Exploit Author: Berk Dusunur Google Dork: N/A Date: 2018-07-21 Vendor Homepage: http://www.nuuo.com/ Software Link: http://www.nuuo.com/ Affected Version: v2016 Tested on: Parro...
Splinterware System Scheduler Pro 5.12 - Privilege Escalation
Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Title: Splinterware System Scheduler Pro 5.12 - Privilege Escalation Exploit Author: bzyo Twitter: @bzyo Date: 2018-07-21 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage: https://www.splinterware.com Version: 5.1...
Kirby CMS 2.5.12 - Cross-Site Scripting
Kirby CMS 2.5.12 - Cross-Site Scripting Exploit Title: Kirby CMS 2.5.12 - Cross-Site Scripting Date: 2018-07-22 Exploit Author: Zaran Shaikh Version: 2.5.12 CVE : NA Category: Web Application Description The application allows user injected payload which can lead to Stored Cross Site...
Splinterware System Scheduler Pro 5.12 - Buffer Overflow (SEH)
Splinterware System Scheduler Pro 5.12 - Buffer Overflow SEH !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Splinterware System Scheduler Pro 5.12 - Local Buffer Overflow SEH Date: 07-21-18 Vulnerable Software: System Scheduler Pro 5.12 Vendor Homepage:...
Microsoft Windows Speech Recognition - Buffer Overflow (PoC)
Microsoft Windows Speech Recognition - Buffer Overflow PoC Title: Windows Speech Recognition- Buffer Overflow Author: Nassim Asrir Contact: [email protected] | https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.microsoft.com/ About Windows Speech Recognition:...
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery (Reboot Router)
Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Exploit Title: Tenda Wireless N150 Router 5.07.50 - Cross-Site Request Forgery Reboot Router Date: 2018-07-21 Exploit Author: Nathu Nandwani Website: http://nandtech.co CVE: CVE-2015-5996 Description: The router is...
Davolink DVW 3200 Router - Password Disclosure
Davolink DVW 3200 Router - Password Disclosure Exploit Title: Davolink DVW 3200 Router - Password Disclosure Google Dork: N/A Zoomeye dork : https://www.zoomeye.org/searchResult?q=%22var%20userpasswd%22%20%2Bapp%3A%22DAVOLINK%20GAPD-7000%20WAP%20httpd%22 Date: 2018-07-13 Exploit Author: Ankit...
GeoVision GV-SNVR0811 - Directory Traversal
GeoVision GV-SNVR0811 - Directory Traversal Exploit Title: GeoVision GV-SNVR0811 Directory Traversal Exploit Author: Berk Dusunur Google Dork: N/A Type: Hardware Date: 2018-07-21 Vendor Homepage: http://www.geovision.com.tw/product/GV-SNVR0811 Software Link:...
Inteno’s IOPSYS - (Authenticated) Local Privilege Escalation
Inteno’s IOPSYS - Authenticated Local Privilege Escalation !/usr/bin/python import json import sys import subprocess import socket import os from websocket import createconnection def ubusAuthhost, username, password: ws = createconnection"ws://" + host, header = "Sec-WebSocket-Protocol: ubus-jso...
TP-Link TL-WR840N - Denial of Service
TP-Link TL-WR840N - Denial of Service Exploit Title:- TP-Link Wireless N Router WR840N - Buffer Overflow Date:- 2018-07-16 Vendor Homepage:- https://www.tp-link.com/ Hardware Link:- https://www.amazon.in/TP-LINK-TL-WR840N-300Mbps-Wireless-External/dp/B01A0G1J7Q Version:- TP-Link Wireless N Router...
MSVOD 10 - cid SQL Injection
MSVOD 10 - cid SQL Injection Exploit Title: MSVOD V10 - SQL Injection Google Dork: inurl:"images/lists?cid=13" Date: 2018/07/17 Exploit Author: Hzllaga Vendor Homepage: http://www.msvod.cc/ Version: MSVOD V10 CVE : CVE-2018-14418 Reference : https://www.wtfsec.org/2583/msvod-v10-sql-injection/...
Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass
Touchpad Trivum WebTouch Setup 2.53 build 13163 - Authentication Bypass Exploit Title: Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 - Unauthorized Authentication Reset Date: 2018-07-20 Software Link: https://world.trivum-shop.de Version: 2.56 build 13381 - 12-07-2018 Category: webapps...
MyBB New Threads Plugin 1.1 - Cross-Site Scripting
MyBB New Threads Plugin 1.1 - Cross-Site Scripting Exploit Title: MyBB New Threads Plugin - Cross-Site Scripting Date: 7/16/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1143 Version: 1.1 Tested on: Ubuntu 18.04 CVE:...
Google Chrome - Swiftshader Texture Allocation Integer Overflow
Google Chrome - Swiftshader Texture Allocation Integer Overflow There's a remotely triggerable memory corruption issue in SwiftShader that's reachable from WebGL, resulting from an integer overflow issue. In the GPU process there is validation on the sizes passed to texture creation functions to...
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors getInternalFormat == FORMATNULL return; ifblitReactorsource, sourceRect, dest, destRect, options return; SliceRectF sRect = sourceRect; SliceRect dRect = destRect; bool flipX = destRect.x0 destRect.x1; bool flipY = destRect.y0...
WordPress Plugin All In One Favicon 4.6 - (Authenticated) Cross-Site Scripting
WordPress Plugin All In One Favicon 4.6 - Authenticated Cross-Site Scripting Exploit Title: WordPress Plugin All In One Favicon = 4.6 - Authenticated Multiple XSS Persistent Date: 2018-07-10 Exploit Author: Javier Olmedo Website: https://hackpuntes.com/ Vendor Homepage: http://www.techotronic.de/...
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak
Google Chrome - SwiftShader OpenGL Texture Bindings Reference Count Leak getRenderTarget; if!renderTarget ERR"Failed to retrieve the render target."; return errorGLOUTOFMEMORY; ifimagelevel imagelevel-release; imagelevel = egl::Image::createthis, width, height, internalformat; if!imagelevel retur...
FTP2FTP 1.0 - Arbitrary File Download
FTP2FTP 1.0 - Arbitrary File Download Exploit Title: FTP2FTP 1.0 - Arbitrary File Download Dork: N/A Date: 18.07.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/ftp2ftp-server-to-server-file-transfer-php-script/21972395 Version: 1.0 Category: Webapps...
Open-AudIT Community 2.1.1 - Cross-Site Scripting
Open-AudIT Community 2.1.1 - Cross-Site Scripting Exploit Title: Open-AudIT Community - 2.1.1 - Cross Site Scripting Vulnerability Google Dork:NA Exploit Author: Ranjeet Jaiswal Vendor Homepage: https://opmantek.com/ Software Link:http://dl-openaudit.opmantek.com/OAE-Win-x8664- release2.2.1.exe...
Smart SMS Email Manager 3.3 - contact_type_id SQL Injection
Smart SMS Email Manager 3.3 - contact_type_id SQL Injection Exploit Title: Smart SMS & Email Manager v3.3 - SQL Injection Google Dork: N/A Date: 17.07.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/smart-sms-email-manager-ssem/14817919 Version: 3.3 Teste...
Modx Revolution 2.6.4 - Remote Code Execution
Modx Revolution 2.6.4 - Remote Code Execution Exploit Title: Modx Revolution ' if requests.get target + '/connectors/system/phpthumb.php', verify=verify.statuscode != 404: printFore.GREEN + '/connectors/system/phpthumb.php - found' url = target + '/connectors/system/phpthumb.php' payload = 'ctx':...
HomeMatic Zentrale CCU2 - Remote Code Execution
HomeMatic Zentrale CCU2 - Remote Code Execution Exploit Title: HomeMatic Zentrale CCU2 Unauthenticated RCE Date: 16-07-2018 Software Link: https://www.homematic.com/ Exploit Author: Kacper Szurek - ESET Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ YouTube:...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Restricted Shell Escape Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Backdoor Jailbreak Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Denial of Service Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 buil...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - File Manipulation Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Arbitrary File Attacks Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Cross-Site Request Forgery Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway CSRF Vulnerabilities Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Remote Root Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Remote Root Exploit Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0 build 2160...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Default Credentials Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Default Credentials Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb 2.2.0...
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download
Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway - Configuration Download Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Configuration Download Vendor: Microhard Systems Inc. Product web page: http://www.microhardcorp.com Affected version: IPn4G 1.1.0 build 1098 IPn3Gb...
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting
WordPress Plugin Job Manager 4.1.0 - Cross-Site Scripting Exploit Title: Wordpress Plugin Job Manager v4.1.0 Stored Cross Site Scripting Google Dork: N/A Date: 2018-07-15 Exploit Author: Berk Dusunur & Selimcan Ozdemir Vendor Homepage: https://wpjobmanager.com Software Link:...
PrestaShop 1.6.1.19 - BlowFish ECD Privilege Escalation
PrestaShop 1.6.1.19 - BlowFish ECD Privilege Escalation !/usr/bin/env python3 PrestaShop = 1.6.1.19 Privilege Escalation Charles Fol 2018-07-10 See https://ambionics.io/blog/prestashop-privilege-escalation The condition for this exploit to work is for an employee to have the same password as a...
macOS/iOS - JavaScript Injection Bug in OfficeImporter
macOS/iOS - JavaScript Injection Bug in OfficeImporter QuickLook is a widely used feature in macOS/iOS which allows you to preview various formats such as pdf, docx, pptx, etc. The way it uses to show office files is quite interesting. First it parses the office file and converts it to HTML code...
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection
Microsoft Enterprise Mode Site List Manager - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-ENTERPRISE-MODE-SITE-LIST-MANAGER-XXE.txt + ISR: Apparition Security Greetz:...
Linux (Ubuntu) - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass
Linux Ubuntu - Other Users coredumps Can Be Read via setgid Directory and killpriv Bypass / Note: I am both sending this bug report to [email protected] and filing it in the Ubuntu bugtracker because I can't tell whether this counts as a kernel bug or as a Ubuntu bug. You may wish to talk to ea...
VelotiSmart WiFi B-380 Camera - Directory Traversal
VelotiSmart WiFi B-380 Camera - Directory Traversal Title: Vulnerability in VelotiSmart Wifi - Directory Traversal Date: 12-07-2018 Scope: Directory Traversal Platforms: Unix Author: Miguel Mendez Z Vendor: VelotiSmart Version: B380 CVE: CVE-2018-14064 Vulnerability description...
PrestaShop 1.6.1.19 - AES CBC Privilege Escalation
PrestaShop 1.6.1.19 - AES CBC Privilege Escalation !/usr/bin/env python3 PrestaShop = 1.6.1.19 AES Rijndael / opensslencrypt Cookie Read Charles Fol See https://ambionics.io/blog/prestashop-privilege-escalation This POC will reveal the content of an employee's cookie. By modifying it one can...
Fortify Software Security Center (SSC) 17.x18.1 - XML External Entity Injection
Fortify Software Security Center SSC 17.x18.1 - XML External Entity Injection Details ================ Software: Fortify SSC Software Security Center Version: 17.10, 17.20 & 18.10 Homepage: https://www.microfocus.com Advisory report: https://github.com/alt3kx/CVE-2018-12463 CVE: CVE-2018-12463 at...
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery
Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Exploit Title: Grundig Smart Inter@ctive 3.0 - Cross-Site Request Forgery Date: 2018-07-§3 Exploit Author: Ahmethan-Gultekin - t4rkd3vilz Vendor Homepage: https://www.grundig.com/ Software Link:...
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow
G DATA Total Security 25.4.0.3 - Activex Buffer Overflow 'for debugging/custom prolog targetFile = "C:\Program Files\G DATA\TotalSecurity\ASK\GDASpam.dll" prototype = "Function IsBlackListed ByVal strIP As String As Long" m...