QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities
QNAP Qcenter Virtual Appliance - Multiple Vulnerabilities Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ QNAP Qcenter Virtual Appliance Multiple Vulnerabilities 1. Advisory Information Title: QNAP Qcenter Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2018-0006...
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities
WAGO e!DISPLAY 7300T - Multiple Vulnerabilities SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote code execution via multiple attack vectors product: WAGO e!DISPLAY 7300T - WP 4.3 480x272 PIO1 vulnerable version: ...
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution / Local File Disclosure
Zeta Producer Desktop CMS 14.2.0 - Remote Code Execution Local File Disclosure SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Remote Code Execution & Local File Disclosure product: Zeta Producer Desktop CMS vulnerable...
Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload
Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Exploit Title: Cela Link CLR-M20 2.7.1.6 - Arbitrary File Upload Date: 2018-07-13 Shodan Dork: CLR-M20 Exploit Author: Safak Aslan Software Link: http://www.celalink.com Version: 2.7.1.6 CVE: 2018-15137 Authentication Required: No Tested on: Windo...
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions
Microsoft Edge Chakra JIT - Type Confusion with Hoisted SetConcatStrMultiItemBE Instructions / Here's a PoC: / function optstr for let i = 0; i .var s9.var = LdSlot s32s18l53.var s7.var = LdSlot s20s18l51.var s8.var = LdSlot s19s18l52.var s1Object.var = LdA 0x7FFFF47A0000 GlobalObjectObject.var...
Microsoft Edge Chakra JIT - Out-of-Bounds Reads/Writes
Microsoft Edge Chakra JIT - Out-of-Bounds ReadsWrites / It seems that this issue is similar to the issue 1429 MSRC 42111. It might need to refresh the page several times to observe a crash. PoC: / let arr = new Uint32Array1000; for let i = 0; i 0x1000000; i++ for let j = 0; j 1; j++ i--; i++; arr...
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read
Microsoft Edge Chakra JIT - BoundFunction::NewInstance Out-of-Bounds Read / BoundFunction::NewInstance is used to handle calls to a bound function. The method first allocates a new argument array and copies the prepended arguments and others into the new argument array and calls the actual...
Dicoogle PACS 2.5.0 - Directory Traversal
Dicoogle PACS 2.5.0 - Directory Traversal Exploit Title: Dicoogle PACS 2.5.0 - Directory Traversal Date: 2018-05-25 Software Link: http://www.dicoogle.com/home Version: Dicoogle PACS 2.5.0-201712291522 Category: webapps Tested on: Windows 2012 R2 Exploit Author: Carlos Avila Contact:...
Awk to Perl 1.007-5 - Buffer Overflow (PoC)
Awk to Perl 1.007-5 - Buffer Overflow PoC Exploit Title: Awk to Perl 1.007-5 - Buffer Overflow PoC Author: Todor Donev Date: 2018-07-11 Software: Linux Awk to Perl Translator '/usr/bin/a2p' Version: 1.007-5 CVE: N/A Tested on: CentOS 6.9, Ubuntu 10 todor@adamantium $ python -c "print 'A' 2070" |...
Instagram-Clone Script 2.0 - Cross-Site Scripting
Instagram-Clone Script 2.0 - Cross-Site Scripting Exploit Title: Instagram-clone Script 2.0 - Cross-Site Scripting Date: 2018-07-10 Exploit Author: L0RD Vendor Homepage: https://github.com/yTakkar/Instagram-clone Version: 2.0 CVE: CVE-2018-13849 Tested on: Kali linux POC : Persistent Cross site...
JavaScript Core - Arbitrary Code Execution
JavaScript Core - Arbitrary Code Execution // Load Int library, thanks saelo! load'util.js'; load'int64.js'; // Helpers to convert from float to in a few random places var conva = new ArrayBuffer8; var convf = new Float64Arrayconva; var convi = new Uint32Arrayconva; var convi8 = new...
D-Link DIR601 2.02 - Credential Disclosure
D-Link DIR601 2.02 - Credential Disclosure Exploit title: D-Link DIR601 2.02NA - Credential disclosure Date: 2018-07-10 Exploit Author: Richard Rogerson Vendor Homepage: http://ca.dlink.com/ Software Link: http://support.dlink.ca/ProductInfo.aspx?m=DIR-601 Version: = 2.02NA Tested on: D-Link DIR6...
Elektronischer Leitz-Ordner 10 - SQL Injection
Elektronischer Leitz-Ordner 10 - SQL Injection Title: Elektronischer Leitz-Ordner 10 - SQL Injection Author: Jens Regel, Schneider & Wulf EDV-Beratung GmbH & Co. KG Software: https://www.elo.com/en-de/ CVE: N/A Affected Products: ELOenterprise 10 ELO Access Manager = 10.17.120 ELOenterprise 9 ELO...
WolfSight CMS 3.2 - SQL Injection
WolfSight CMS 3.2 - SQL Injection Exploit Title: WolfSight CMS 3.2 - SQL Injection Google Dork: N/A Date: 2018-07-10 Exploit Author: Berk Dusunur & Zehra Karabiber Vendor Homepage: http://www.wolfsight.com Software Link: http://www.wolfsight.com Version: v3.2 Tested on: Parrot OS / WinApp Server...
Linux Kernel 4.13.9 (Ubuntu 16.04 / Fedora 27) - Local Privilege Escalation
Linux Kernel 4.13.9 Ubuntu 16.04 Fedora 27 - Local Privilege Escalation / Credit @bleidl, this is a slight modification to his original POC https://github.com/brl/grlh/blob/master/get-rekt-linux-hardened.c For details on how the exploit works, please visit...
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow
Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow Exploit Title: Stack-based buffer overflow in Activision Infinity Ward Call of Duty Modern Warfare 2 Date: 14-12-2017 Exploit Author: Maurice Heumann Contact: https://twitter.com/momo5502?lang=en Website: https://momo5502.co...
Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH)
Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow SEH Exploit Title: Boxoft wav-wma Converter - Local Buffer Overflow SEH Date: 2018-07-08 Software Link: http://www.boxoft.com/wav-to-wma/ Software Version:1.0 Exploit Author: Achilles Target: Windows 7 x64 CVE: Description: A malicious .wav...
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting
Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Author Information Author : Ahmed Elhady Mohamed twitter : @AhmedELhady Date : 01/07/2018 Software Information Affected Software : SeoChecker Umbraco CMS Plug-in Version: version 1.9.2 Software website :...
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution
Oracle WebLogic 12.1.2.0 - RMI Registry UnicastRef Object Java Deserialization Remote Code Execution !/usr/bin/python -- coding: utf-8 -- from argparse import RawTextHelpFormatter import socket, argparse, subprocess, ssl, os.path HELPMESSAGE = '''...
Airties AIR5444TT - Cross-Site Scripting
Airties AIR5444TT - Cross-Site Scripting Exploit Title: Airties AIR5444TT - Cross-Site Scripting Date: 2018-07-06 Exploit Author: Raif Berkay Dincel Vendor Homepage: airties.com Software http://www.airties.com.tr/support/dcenter/ Version: 1.0.0.18 CVE-ID: CVE-2018-8738 Tested on: MacOS High Sierr...
PolarisOffice 2017 8 - Remote Code Execution
PolarisOffice 2017 8 - Remote Code Execution + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/POLARISOFFICE-2017-v8-REMOTE-CODE-EXECUTION.txt + ISR: Apparition Security Vendor: ============= www.polarisoffice.com Product:...
ADB Broadband Gateways / Routers - Authorization Bypass
ADB Broadband Gateways Routers - Authorization Bypass SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Authorization Bypass product: All ADB Broadband Gateways / Routers based on Epicentro platform vulnerable version:...
VLC media player 2.2.8 - Arbitrary Code Execution (PoC)
VLC media player 2.2.8 - Arbitrary Code Execution PoC Exploit Title: VLC media player 2.2.8 - Arbitrary Code Execution PoC Date: 2018-06-06 Exploit Author: Eugene Ng Vendor Homepage: https://www.videolan.org/vlc/index.html Software Link:...
ADB Broadband Gateways / Routers - Privilege Escalation
ADB Broadband Gateways Routers - Privilege Escalation SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Privilege escalation via linux group manipulation product: All ADB Broadband Gateways / Routers based on Epicentro...
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection
SoftExpert Excellence Suite 2.0 - cddocument SQL Injection Exploit Title: SoftExpert Excellence Suite 2.0 - 'cddocument' SQL Injection Author: Seren PORSUK Date: 2018-06-28 Type: webapps Platform: PHP CVE= N/A Vendor Homepage : https://www.softexpert.com/solucao/softexpert-excellence-suite/ DETAI...
ADB Broadband Gateways / Routers - Local Root Jailbreak
ADB Broadband Gateways Routers - Local Root Jailbreak SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local root jailbreak via network file sharing flaw product: All ADB Broadband Gateways / Routers based on Epicentro...
Gitea 1.4.0 - Remote Code Execution
Gitea 1.4.0 - Remote Code Execution pip install PyJWT requests pip install dulwich==0.19.0 from requests import Request, Session, get, post import jwt import time import base64 import os import re import time import threading import random import string import urlparse import urllib from dulwich...
Online Trade - Information Disclosure
Online Trade - Information Disclosure Exploit Title: Online Trade 1 - Information Disclosure Date: 2018-07-03 Exploit Author: L0RD Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE: CVE-2018-12908 Version: 1 Tested on...
ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution
ManageEngine Exchange Reporter Plus Build 5311 - Remote Code Execution Exploit Title: ManageEngine Exchange Reporter Plus = 5310 Unauthenticated RCE Date: 28-06-2018 Software Link: https://www.manageengine.com/products/exchange-reports/ Exploit Author: Kacper Szurek Contact:...
ShopNx - Arbitrary File Upload
ShopNx - Arbitrary File Upload Exploit Title: ShopNx - Angular5 Single Page Shopping Cart Application 1 - Arbitrary File Upload Date: 2018-07-03 Exploit Author: L0RD Email: [email protected] Vendor Homepage: http://codenx.com/ Version: 1 CVE: CVE-2018-12519 Tested on: Win 10...
CMS Made Simple 2.2.5 - (Authenticated) Remote Code Execution
CMS Made Simple 2.2.5 - Authenticated Remote Code Execution Exploit Title: CMS Made Simple 2.2.5 authenticated Remote Code Execution Date: 3rd of July, 2018 Exploit Author: Mustafa Hasan @strukt93 Vendor Homepage: http://www.cmsmadesimple.org/ Software Link:...
OpenSLP 2.0.0 - Double-Free
OpenSLP 2.0.0 - Double-Free ''' 2018-06-28 SLPD DOUBLE FREE ================ CVE-2018-12938 An issue was found in openslp-2.0.0 that can be used to induce a double free bug or memory corruption by...
ntop-ng 3.4.180617 - Authentication Bypass
ntop-ng 3.4.180617 - Authentication Bypass ''' Vulnerability title: ntop-ng 3.4.180617 - Authentication Bypass Author: Ioannis Profetis Contact: me at x86.re Vulnerable versions: 3.4.180617-4560 Fixed version: 3.4.180617 Link: ntop.org Date: 2.07.2018 CVE-2018-12520 Product Details ntopng is the...
Enhanced Mitigation Experience Toolkit (EMET) - XML External Entity Injection
Enhanced Mitigation Experience Toolkit EMET - XML External Entity Injection + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-EMET-XML-INJECTION.txt + ISR: Apparition Security Greetz:...
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow (PoC)
Delta Industrial Automation COMMGR 1.08 - Stack Buffer Overflow PoC Exploit Title: Delta Electronics Delta Industrial Automation COMMGR - Remote STACK-BASED BUFFER OVERFLOW Date: 02.07.2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.deltaww.com/ Software Link:...
Dolibarr ERP/CRM 7.0.3 - PHP Code Injection
Dolibarr ERPCRM 7.0.3 - PHP Code Injection Exploit Title: Unauthenticated Remote Code Evaluation in Dolibarr ERP CRM =7.0.3 Date: 06/29/2018 Exploit Author: om3rcitak - https://omercitak.com Vendor Homepage: https://dolibarr.org Software Link: https://github.com/Dolibarr/dolibarr Version: =7.0.3...
VMware NSX SD-WAN Edge 3.1.2 - Command Injection
VMware NSX SD-WAN Edge 3.1.2 - Command Injection !/usr/bin/env python Exploit Title: Unauthenticated Command Injection vulnerability in VMware NSX SD-WAN by VeloCloud Date: 2018-06-29 Exploit Author: paragonsec @ Critical Start Credit: Brian Sullivan from Tevora and Section 8 @ Critical Start...
Geutebruck 5.02024 G-CamEFD-2250 - simple_loglistjs.cgi Remote Command Execution (Metasploit)
Geutebruck 5.02024 G-CamEFD-2250 - simpleloglistjs.cgi Remote Command Execution Metasploit This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Geutebruck simpleloglistjs.cgi Remote Command Execution...
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
DAMICMS 6.0.0 - Cross-Site Request Forgery Add Admin history.pushState'', '', '/'...
SIPp 3.6 - Local Buffer Overflow (PoC)
SIPp 3.6 - Local Buffer Overflow PoC Exploit Title: SIPp 3.6 - Local Buffer Overflow PoC Date: 2018-06-30 Exploit Author: Fakhri Zulkifli Vendor Homepage: http://sipp.sourceforge.net/ Software Link: https://github.com/SIPp/sipp/releases Version: 3.6-dev and earlier Tested on: 3.6-dev $ ./sipp -3p...
Core FTP LE 2.2 - Buffer Overflow (PoC)
Core FTP LE 2.2 - Buffer Overflow PoC Exploit Title: Core FTP LE 2.2 - Buffer Overflow PoC Date: 2018-06-28 Exploit Author: Berk Cem Göksel Vendor Homepage: http://www.coreftp.com/ Software Link: http://www.coreftp.com/download Version: Core FTP Client LE v2.2 Build 1921 Tested on: Windows 10...
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting
DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Exploit Title: DIGISOL DG-HR3400 Wireless Router - Cross-Site Scripting Date: 2018-06-25 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-HR3400-300Mbps-Wireless-Broadband/dp/B00IL8DR6W Category:...
hycus CMS 1.0.4 - Authentication Bypass
hycus CMS 1.0.4 - Authentication Bypass Exploit Title: hycus Content Management System v1.0.4 Login Page Bypass Google Dork:N/A Date: 28.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://www.hycus.com/ Software Link: http://demosite.center/hycus/ Version: 1.0.4 Tested on: Pardus / Debi...
BEESCMS 4.0 - Cross-Site Request Forgery (Add Admin)
BEESCMS 4.0 - Cross-Site Request Forgery Add Admin Exploit Title: A CSRF vulnerability exists in BEESCMSV4.0: The administrator can be added arbitrarily. Date: 2018-06-25 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9226389.html Software Link: http://www.beescms.com/...
Cisco Adaptive Security Appliance - Path Traversal
Cisco Adaptive Security Appliance - Path Traversal ''' Cisco Adaptive Security Appliance - Path Traversal CVE-2018-0296 A security vulnerability in Cisco ASA that would allow an attacker to view sensitive system information without authentication by using directory traversal techniques. Vulnerabl...
HongCMS 3.0.0 - (Authenticated) SQL Injection
HongCMS 3.0.0 - Authenticated SQL Injection Exploit Title: HongCMS 3.0.0 - SQL Injection Google Dork: if applicable Date: 2018/06/26 Exploit Author: Hzllaga Vendor Homepage: https://github.com/Neeke/HongCMS/ Software Link: https://github.com/Neeke/HongCMS/ Version: 3.0.0 Tested on: php5.4 mysql5...
WordPress Core 4.9.6 - (Authenticated) Arbitrary File Deletion
WordPress Core 4.9.6 - Authenticated Arbitrary File Deletion Exploit Title: Wordpress = 4.9.6 Arbitrary File Deletion Vulnerability Date: 2018-06-27 Exploit Author: VulnSpy Vendor Homepage: http://www.wordpress.org Software Link: http://www.wordpress.org/download Version: = 4.9.6 Tested on: php7...
HPE VAN SDN 2.7.18.0503 - Remote Root
HPE VAN SDN 2.7.18.0503 - Remote Root ''' -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 KL-001-2018-008 : HPE VAN SDN Unauthenticated Remote Root Vulnerability Title: HPE VAN SDN Unauthenticated Remote Root Vulnerability Advisory ID: KL-001-2018-008 Publication Date: 2018.06.25 Publication URL:...
Liferay Portal 7.0.4 - Server-Side Request Forgery
Liferay Portal 7.0.4 - Server-Side Request Forgery 1. ADVISORY INFORMATION ======================================== Title: Liferay Portal pingback.ping http://TARGET/ http://mehmetince.dev:8080/web/guest/home/-/blogs/30686...
PoDoFo 0.9.5 - Buffer Overflow (PoC)
PoDoFo 0.9.5 - Buffer Overflow PoC Exploit Title: PoDoFo 0.9.5 - Stack-Based Buffer Overflow PoC Date: 25.06.2018 Software Link: https://sourceforge.net/projects/podofo/ Vuln Version: 0.9.5 CVE: cve-2018-8002 Vulnerability Details: https://bugzilla.redhat.com/showbug.cgi?id=1548930 Exploit Author...