41207 matches found
Foxit Reader 9.0.1.1049 - Remote Code Execution
Foxit Reader 9.0.1.1049 - Remote Code Execution %PDF 1 0 obj 2 0 obj /S /JavaScript /JS / Foxit Reader Remote Code Execution Exploit ========================================== Written by: Steven Seeley mrme of Source Incite Date: 22/06/2018 Technical details:...
KVM (Nested Virtualization) - L1 Guest Privilege Escalation
KVM Nested Virtualization - L1 Guest Privilege Escalation When KVM on Intel virtualizes another hypervisor as L1 VM it does not verify that VMX instructions from the L1 VM which trigger a VM exit and are emulated by L0 KVM are coming from ring 0. For code running on bare metal or VMX root mode th...
WordPress Plugin Comments Import Export 2.0.4 - CSV Injection
WordPress Plugin Comments Import Export 2.0.4 - CSV Injection Exploit Title: Wordpress Plugin Comments Import & Export 2.0.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link: https://wordpress.org/plugins/comments-import-export-woocommerce/ Affected...
Intex Router N-150 - Arbitrary File Upload
Intex Router N-150 - Arbitrary File Upload Exploit Title: Intex Router N-150 - Arbitrary File Upload Date: 2018-06-23 Exploit Author: Samrat Das Version: N-150 CVE : N/A Category: Router Firmware 1. Description The firmware allows malicious files to be uploaded without any checking of extension...
AsusWRT RT-AC750GF - Cross-Site Request Forgery (Change Admin Password)
AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Exploit Title: AsusWRT RT-AC750GF - Cross-Site Request Forgery Change Admin Password Date: 2018-06-23 Exploit Author: Wadeek Vendor Homepage: https://www.asus.com/ Firmware Link:...
DIGISOL DG-BR4000NG - Cross-Site Scripting
DIGISOL DG-BR4000NG - Cross-Site Scripting Exploit Title: DIGISOL DG-BR4000NG - Cross-Site Scripting Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Category: Hardware Exploit Author: Adipta...
DIGISOL DG-BR4000NG - Buffer Overflow (PoC)
DIGISOL DG-BR4000NG - Buffer Overflow PoC Exploit Title: DIGISOL DG-BR4000NG - Buffer Overflow PoC Date: 2018-06-24 Vendor Homepage: http://www.digisol.com Hardware Link: https://www.amazon.in/Digisol-DG-BR4000NG-Wireless-Broadband-802-11n/dp/B00A19EHYK Version: DIGISOL DG-BR4000NG Wireless Router Catego...
WordPress Plugin iThemes Security 7.0.3 - SQL Injection
WordPress Plugin iThemes Security 7.0.3 - SQL Injection Exploit Title: WordPress Plugin iThemes Securitybetter-wp-security = 7.0.2 - Authenticated SQL Injection Date: 2018-06-25 Exploit Author: Çlirim Emini Website: https://www.sentry.co.com/ Vendor Homepage: https://ithemes.com/ Software Link:...
WordPress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection
WordPress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Exploit Title: Wordpress Plugin Advanced Order Export For WooCommerce 1.5.4 - CSV Injection Google Dork: N/A Date: 2018-06-24 Exploit Author: Bhushan B. Patil Software Link:...
Intex Router N-150 - Cross-Site Request Forgery (Add Admin)
Intex Router N-150 - Cross-Site Request Forgery Add Admin Exploit Title: Intex Router N-150 - Cross-Site Request Forgery Add Admin Date: 2018-06-23 Exploit Author: Navina Asrani Version: N-150 CVE : N/A Category: Router Firmware 1. Description The firmware allows malicious request to be execute...
Ecessa WANWorx WVR-30 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa WANWorx WVR-30 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit title: Ecessa WANWorx WVR-30 input type="hidden" name="userusername...
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa Edge EV150 10.7.4 - Cross-Site Request Forgery Add Superuser Author: LiquidWorm Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.6.5.2...
Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery (Add Superuser)
Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Exploit Title: Ecessa ShieldLink SL175EHQ 10.7.4 - Cross-Site Request Forgery Add Superuser Date: 2018-05-21 Vendor: Ecessa Corporation Product web page: https://www.ecessa.com Affected version: 10.7.4, 10.6.9, 10.7.4,...
GreenCMS 2.3.0603 - Information Disclosure
GreenCMS 2.3.0603 - Information Disclosure Exploit Title: GreenCMS 2.3.0603 - remote obtain sensitive information Date: 2018-06-21 Exploit Author: vrsystem Vendor Homepage: https://github.com/GreenCMS/GreenCMS/ Software Link: https://github.com/GreenCMS/GreenCMS/ Version: GreenCMS 2.3.0603 Tested...
QEMU Guest Agent 2.12.50 - Denial of Service
QEMU Guest Agent 2.12.50 - Denial of Service Exploit Title: QEMU Guest Agent 2.12.50 - Denial of Service Date: 2018-06-07 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://www.qemu.org/ Software Link: https://www.qemu.org/download/ Version: 2.12.50 and earlier Tested on: 2.12.50...
phpLDAPadmin 1.2.2 - server_id LDAP Injection (Username)
phpLDAPadmin 1.2.2 - server_id LDAP Injection Username Exploit Title: phpLDAPadmin 1.2.2 - 'server_id' LDAP Injection Username Google Dork: N/A Date: 21.06.2018 Exploit Author: Berk Dusunur Vendor Homepage: http://phpldapadmin.sourceforge.net Software Link: http://phpldapadmin.sourceforge.net Versio...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (2)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 2 Exploit Title: phpMyAdmin 4.8.1 - Local File Inclusion to Remote Code Execution Date: 2018-06-21 Exploit Author: VulnSpy Vendor Homepage: http://www.phpmyadmin.net Software Link:...
Opencart 3.0.2.0 - Denial of Service
Opencart 3.0.2.0 - Denial of Service !/usr/bin/perl -w Opencart https://ethical-hacker.org/ https://facebook.com/ethicalhackerorg Tested store with added more than 1000 products todor@adamantium cartkiller torsocks perl killcart.pl example.com Opencart = 3.0.2.0 googlesitemap Remote Denial of...
phpMyAdmin 4.8.1 - (Authenticated) Local File Inclusion (1)
phpMyAdmin 4.8.1 - Authenticated Local File Inclusion 1 The latest version downloaded from the official website, the file name is phpMyAdmin-4.8.1-all-languages.zip The problem appears in /index.php Find 5563 lines Line 61 contains include $_REQUEST['target']; This is obviously LFI precursor, as lon...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add Admin)
LFCMS 3.7.0 - Cross-Site Request Forgery Add Admin Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: administrator account can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203899.html Software Link:...
Dell EMC RecoverPoint 5.1.2 - Local Root Command Execution
Dell EMC RecoverPoint 5.1.2 - Local Root Command Execution Exploit Title: Dell EMC RecoverPoint &2 root@recoverpoint:/ id uid=0root gid=0root groups=0root root@recoverpoint:/...
Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution
Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Exploit Title: Dell EMC RecoverPoint 5.1.2 - Remote Root Command Execution Date: 2018-06-21 Version: All versions before RP 5.1.2, and all versions before RP4VMs 5.1.1.3 Exploit Author: Paul Taylor Vendor Advisory: DSA-2018-095 Vendor KB...
LFCMS 3.7.0 - Cross-Site Request Forgery (Add User)
LFCMS 3.7.0 - Cross-Site Request Forgery Add User Exploit Title: A CSRF vulnerability exists in LFCMS3.7.0: users can be added arbitrarily. Date: 2018-06-20 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9203740.html Software Link:...
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Activation Arbitrary Directory Creation Privilege Escalation Windows: Desktop Bridge Activation Arbitrary Directory Creation EoP Platform: Windows 10 1703, 1709 not tested RS4 Class: Elevation of Privilege Summary: The activator for Desktop Bridge application...
VideoInsight WebClient 5 - SQL Injection
VideoInsight WebClient 5 - SQL Injection Title: VideoInsight WebClient 5 - SQL Injection Date: 2018-05-06 Author: vosec Vendor Homepage: https://www.security.us.panasonic.com/ Software Link: https://www.security.us.panasonic.com/video-management-software/web-client/ Version: 5 Tested on: Windows...
MaDDash 2.0.2 - Directory Listing
MaDDash 2.0.2 - Directory Listing Exploit Title: MaDDash 2.0.2 - Directory Listing Date: 2018-06-18 Vendor: perfSONAR Download Link: https://github.com/esnet/maddash/archive/master.zip Version: 2.0.2 Exploit Author: ManhNho CVE: CVE-2018-12522,CVE-2018-12523,CVE-2018-12524,CVE-2018-12525 Category...
NewMark CMS 2.1 - sec_id SQL Injection
NewMark CMS 2.1 - sec_id SQL Injection Exploit Title: NewMark CMS 2.1 - SQL Injection sec_id Google Dork: /catalog/?sectid= Date: 2018-06-20 Exploit Author: Berk Dusunur Vendor Homepage: https://nmark.ru/ Software Link: https://nmark.ru/razrabotka/korporativniy-sayt/ Version: v2.1 Tested on: Pardus...
Apache CouchDB 2.1.0 - Remote Code Execution
Apache CouchDB 2.1.0 - Remote Code Execution Title: Apache CouchDB 2.1.0 - Remote Code Execution Author: Cody Zacharias Shodan Dork: port:5984 Vendor Homepage: http://couchdb.apache.org/ Software Link: http://archive.apache.org/dist/couchdb/source/1.6.0/ Version: = 1.7.0 and 2.x - 2.1.0 Tested on...
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation
Microsoft Windows 10 - Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix Privilege Escalation Windows: Windows: Desktop Bridge Virtual Registry CVE-2018-0880 Incomplete Fix EoP Platform: Windows 1709 not tested earlier version Class: Elevation of Privilege Summary: The handling of the...
ntp 4.2.8p11 - Local Buffer Overflow (PoC)
ntp 4.2.8p11 - Local Buffer Overflow PoC Exploit Title: ntpq and ntpdc 4.2.8p11 Local Buffer Overflow Date: 2018-06-06 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: http://www.ntp.org/ Software Link: http://www.ntp.org/downloads.html Version: 4.2.8p11 and earlier Tested on: 4.2.8p11...
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure (Metasploit)
IPConfigure Orchid VMS 2.0.5 - Directory Traversal Information Disclosure Metasploit require 'msf/core' class MetasploitModule 'IPConfigure Orchid VMS %q Orchid Core VMS is vulnerable to a directory traversal attack. This affects Linux and Windows operating systems. This allows a remote,...
Mirasys DVMS Workstation 5.12.6 - Path Traversal
Mirasys DVMS Workstation 5.12.6 - Path Traversal Exploit Title: Path Traversal in Gateway in Mirasys DVMS Workstation 5.12.6...
TP-Link TL-WA850RE - Remote Command Execution
TP-Link TL-WA850RE - Remote Command Execution !/usr/bin/env python Exploit Title: TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Command Execution Date: 19/06/2018 Exploit Author: yoresongo - Advisability S.A.S Colombia www.advisability.co Vendor Homepage: https://www.tp-link.com/ Firmwar...
Redis 5.0 - Denial of Service
Redis 5.0 - Denial of Service Exploit Title: Redis 5.0 Denial of Service Date: 2018-06-13 Exploit Author: Fakhri Zulkifli @d0lph1n98 Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0 Fixed on: 5.0 CVE : CVE-2018-12453 Type confusion in the xgroupCommand...
Pale Moon Browser 27.9.3 - Use After Free (PoC)
Pale Moon Browser 27.9.3 - Use After Free PoC Exploit Title: Pale Moon Browser function SetVariablefuzzervars, varname, vartype fuzzervarsvartype = varname; function jsfuzzer var var1 = var2.getDistributedNodes; SetVariablevar1, 'NodeList';...
Nikto 2.1.6 - CSV Injection
Nikto 2.1.6 - CSV Injection Exploit Title: Nikto 2.1.6 - CSV Injection Google Dork: N/A Date: 2018-06-01 Exploit Author: Adam Greenhill Vendor Homepage: https://cirt.net/Nikto2 Software Link: https://github.com/sullo/nikto Affected Version: 2.1.6, 2.1.5 Category: Applications Tested on: Kali Linu...
RabbitMQ Web Management 3.7.6 - Cross-Site Request Forgery (Add Admin)
RabbitMQ Web Management 3.7.6 - Cross-Site Request Forgery Add Admin Exploit Title: RabbitMQ Web Management Add RabbitMQ Admin window.onload = rabbit.submit...
Audiograbber 1.83 - Local Buffer Overflow (SEH)
Audiograbber 1.83 - Local Buffer Overflow SEH Exploit Title: Audiograbber 1.83 - Local Buffer Overflow SEH Date: 2018-06-16 Exploit Author: Dennis 'dhn' Herrmann Vendor Homepage: https://www.audiograbber.org/ Version: 1.83 Tested on: Windows 7 SP1 x86 !/usr/bin/env python $Id: exploit.py,v 1.0...
Microsoft COM for Windows - Privilege Escalation
Microsoft COM for Windows - Privilege Escalation Writeup: https://codewhitesec.blogspot.com/2018/06/cve-2018-0624.html In May 2018 Microsoft patched an interesting vulnerability CVE-2018-0824 which was reported by Nicolas Joly of Microsoft's MSRC: A remote code execution vulnerability exists in...
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery (Add User)
Joomla! Component Jomres 9.11.2 - Cross-Site Request Forgery Add User Exploit Title: Joomla!Component jomres 9.11.2 - Cross site request forgery Date: 2018-06-15 Exploit Author: L0RD Vendor Homepage: https://www.jomres.net/ Software link: https://extensions.joomla.org/extension/jomres/ Software...
Redis-cli 5.0 - Buffer Overflow (PoC)
Redis-cli 5.0 - Buffer Overflow PoC Exploit Title: Redis-cli 5.0 - Buffer Overflow PoC Date: 2018-06-13 Exploit Author: Fakhri Zulkifli Vendor Homepage: https://redis.io/ Software Link: https://redis.io/download Version: 5.0, 4.0, 3.2 Fixed on: 5.0, 4.0, 3.2 CVE : CVE-2018-12326 Buffer overflow i...
Redatam Web Server 7 - Directory Traversal
Redatam Web Server 7 - Directory Traversal Exploit Title: Redatam Web Server R+SP WebUtilities Exception Error Number 401 Error Message File not found in folder C:\wamp\apps\redatam\redbin\ - blablabla Script directory /wamp/app...
Dimofinf CMS 3.0.0 - Cross-Site Scripting
Dimofinf CMS 3.0.0 - Cross-Site Scripting Title: Dimofinf CMS 3.0.0 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-13 Software: Dimofinf CMS Version 3.0.0 CVE: CVE-2018-12094 A Reflected Cross-Site Scripting web vulnerability has been discovered in the "Dimofinf CMS"...
Soroush IM Desktop App 0.15 (beta) - Authentication Bypass
Soroush IM Desktop App 0.15 beta - Authentication Bypass Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Date: 2018-06-13 Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Teste...
OEcms 3.1 - Cross-Site Scripting
OEcms 3.1 - Cross-Site Scripting Title: OEcms 3.1 - Cross-Site Scripting Author: Felipe "Renzi" Gabriel Date: 2018-06-15 Software: OEcms v3.1 CVE: CVE-2018-12095 Technical Details & Description: A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1"...
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla Component Ek Rishta 2.10 - SQL Injection Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...
rtorrent 0.9.6 - Denial of Service
rtorrent 0.9.6 - Denial of Service Exploit Title: rtorrent 0.9.6 - Denial of Service Date: 2018-01-10 Exploit Author: ecx86 Vendor Homepage: http://rtorrent.net Software Link: https://github.com/rakshasa/rtorrent/releases Version: I', lenmsg crash += msg s = socket.socketsocket.AFINET,...
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation
RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Title: RSLinx Classic and FactoryTalk Linx Gateway - Privilege Escalation Date: 2017-12-11 Author: LiquidWorm Vendor: Rockwell Automation, Inc. Product web page: https://www.rockwellautomation.com Affected version: Rockwell...
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass
Microsoft Windows 10 - Child Process Restriction Mitigation Bypass Windows: Child Process Restriction Mitigation Bypass Platform: Windows 10 1709 not tested other versions Class: Security Feature Bypass Summary: It’s possible to bypass the child process restriction mitigation policy by...
Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload
Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Exploit Title: Redaxo CMS Mediapool Addon 5.5.1 - Arbitrary File Upload Date: 2018-06-13 Exploit Author: mn@HackerWerkstatt Vendor Homepage: https://redaxo.org Software Link: https://redaxo.org/download/redaxo/5.5.1.zip Version: 5.5.1 and...