MACCMS 10 - Cross-Site Request Forgery (Add User)
MACCMS 10 - Cross-Site Request Forgery Add User Exploit Title: MACCMSV10 CSRF vulnerability add admin account Date: 2018-06-11 Exploit Author: bay0net Vendor Homepage: https://www.cnblogs.com/v1vvwv/p/9168309.html Software Link: http://www.maccms.com/down.html Version: V10 CVE : CVE-2018-12114 I...
WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection
WordPress Plugin Ultimate Form Builder Lite 1.3.7 - SQL Injection Title: WordPress Ultimate Form Builder Lite Plugin get_row Vulnerable Variable: $_POST['entry_id'] Vulnerable URL: http://vulnerablesite.com/wp-admin/admin-ajax.php Vulnerable POST body:...
Joomla! Component EkRishta 2.10 - username SQL Injection
Joomla! Component EkRishta 2.10 - username SQL Injection Exploit Title: Joomla! Component EkRishta 2.10 - 'username' SQL Injection Date: 2018-06-11 Exploit Author: L0RD Software Link: https://extensions.joomla.org/extension/ek-rishta/ Vendor Homepage: https://www.joomlaextensions.co.in/ Version:...
OX App Suite 7.8.4 - Multiple Vulnerabilities
OX App Suite 7.8.4 - Multiple Vulnerabilities Product: OX App Suite Vendor: OX Software GmbH Internal reference: 55872 Bug ID Vulnerability type: Cross-Site Scripting CWE-80 Vulnerable version: 7.8.4 and earlier Vulnerable component: frontend Report confidence: Confirmed Solution status: Fixed by...
Canon PrintMe EFI - Cross-Site Scripting
Canon PrintMe EFI - Cross-Site Scripting Title: Canon PrintMe EFI - Cross-Site Scripting Date: 2018-06-09 Exploit Author: Huy Kha Vendor Homepage: https://www.efi.com/ Version: Canon PrintMe EFI Tested on: Mozilla Firefox CVE: CVE-2018-12111 XSS Payload used: '"--! PoC GET...
WordPress Plugin Google Map 4.0.4 - SQL Injection
WordPress Plugin Google Map 4.0.4 - SQL Injection Title: WordPress Google Map Plugin get_results Vulnerable Variable: $_GET['order'] Vulnerable URL: http://vulnerablesite.com/wp-admin/admin.php?page=wpgmp_manage_location&orderby=location_address&order=asc PROCEDURE...
Event Manager Admin panel - events_new.php SQL injection
Event Manager Admin panel - events_new.php SQL injection Exploit Title: Event Manager PHP Script Admin panel - 'events_new.php' SQL injection Date: 2018-06-10 Exploit Author: telahdihapus Vendor Homepage: https://codecanyon.net/user/ezcode Software Link:...
WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection
WordPress Plugin Pie Register 3.0.9 - Blind SQL Injection Title: WordPress Plugin Pie Register $order = esc_sql($order); (esc_sql() only escapes string delimiters, so it does not make an unquoted ORDER BY operand safe.) IV. PROOF OF CONCEPT The following URLs have been confirmed to suffer from time-based SQL injection. GET...
Joomla! Component EkRishta 2.10 - cid SQL Injection
Joomla! Component EkRishta 2.10 - cid SQL Injection Exploit Title: Joomla! Component Ek Rishta 2.10 - SQL Injection Dork: N/A Date: 08.06.2018 Vendor Homepage: https://www.joomlaextensions.co.in/ Software Link: https://extensions.joomla.org/extension/ek-rishta/ Version: 2.10 Tested on: WiN7x64/...
Schools Alert Management Script - Arbitrary File Deletion
Schools Alert Management Script - Arbitrary File Deletion Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web...
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit)
WebKitGTK+ 2.21.3 - WebKitFaviconDatabase Denial of Service (Metasploit) Title: WebKitGTK+ "WebKitGTK+ WebKitFaviconDatabase DoS", 'Description' => %q{ This module exploits a vulnerability in WebKitFaviconDatabase when pageURL is unset. If successful, it could lead to application crash, resulting in...
Schools Alert Management Script - get_sec.php SQL Injection
Schools Alert Management Script - get_sec.php SQL Injection Exploit Title: Schools Alert Management Script - 'get_sec.php' SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category:...
Schools Alert Management Script - Arbitrary File Read
Schools Alert Management Script - Arbitrary File Read Exploit Title: Schools Alert Management Script - Arbitrary File Read Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web...
userSpice 4.3.24 - Username Enumeration
userSpice 4.3.24 - Username Enumeration Exploit Title: userSpice 4.3.24 - Username Enumeration Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu import sys import os.path import requests print("[+] UserSpice 4.3.24 Username Enumeration")...
userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting
userSpice 4.3.24 - X-Forwarded-For Cross-Site Scripting Exploit Title: userSpice 4.3.24 - 'X-Forwarded-For' Cross-Site Scripting Date: 2018-06-10 Author: Dolev Farhi Vendor or Software Link: www.userspice.com Version: 4.3.24 Tested on: Ubuntu Payload will get executed when admin visits the audit...
Schools Alert Management Script - SQL Injection
Schools Alert Management Script - SQL Injection Exploit Title: Schools Alert Management Script - SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit...
Siaberry 1.2.2 - Command Injection
Siaberry 1.2.2 - Command Injection Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage...
Google Chrome - Integer Overflow when Processing WebAssembly Locals
Google Chrome - Integer Overflow when Processing WebAssembly Locals When v8 decodes the locals of a function, it performs a check: if (count + type_list->size() > kV8MaxWasmFunctionLocals) { decoder->error(decoder->pc() - 1, "local count too large"); return false; } On a 32-bit platform, this check can be bypass...
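The check quoted above adds two attacker-influenced quantities and compares the sum to a limit. When both operands are 32-bit, a count close to 2^32 wraps the sum to a small number and the comparison passes. The following is an added example, not V8 code: it models the vulnerable comparison and the overflow-proof form with uint32_t so the wrap is reproducible on any host. MAX_LOCALS is a stand-in for kV8MaxWasmFunctionLocals and the decode_locals driver loop is constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for kV8MaxWasmFunctionLocals (assumed value; the exact number
 * does not matter for the overflow). */
#define MAX_LOCALS 50000u

/* The check as the advisory shows it, with operands typed uint32_t so the
 * arithmetic behaves like a 32-bit size_t: count + existing wraps modulo
 * 2^32 before the comparison runs. */
bool locals_ok_vulnerable(uint32_t count, uint32_t existing)
{
    if (count + existing > MAX_LOCALS)
        return false;               /* "local count too large" */
    return true;
}

/* Overflow-proof form: compare against the remaining headroom instead of
 * the sum. existing <= MAX_LOCALS must hold first, otherwise the
 * subtraction would itself underflow. */
bool locals_ok_fixed(uint32_t count, uint32_t existing)
{
    if (existing > MAX_LOCALS)
        return false;
    if (count > MAX_LOCALS - existing)
        return false;
    return true;
}

/* Constructed decoder-style loop over a sequence of local-entry counts, as a
 * wasm function body carries them. Returns the number of locals the check
 * let through and counts rejected entries (the real decoder aborts on the
 * first rejection; counting keeps the comparison between checks visible). */
uint64_t decode_locals(const uint32_t *counts, size_t n,
                       bool (*check)(uint32_t, uint32_t), uint32_t *rejected)
{
    uint32_t existing = 0;          /* 32-bit type-list size after appends */
    uint64_t total = 0;
    *rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (!check(counts[i], existing)) {
            (*rejected)++;
            continue;
        }
        total += counts[i];
        existing = (uint32_t)total;
    }
    return total;
}

int main(void)
{
    const uint32_t counts[] = { 1, 0xFFFFFFFFu, 2 };    /* constructed input */
    uint32_t rej;
    uint64_t t = decode_locals(counts, 3, locals_ok_vulnerable, &rej);
    printf("vulnerable: accepted %llu locals, rejected %u entries\n",
           (unsigned long long)t, rej);
    t = decode_locals(counts, 3, locals_ok_fixed, &rej);
    printf("fixed:      accepted %llu locals, rejected %u entries\n",
           (unsigned long long)t, rej);
    return 0;
}
```

With one existing local, a count of 0xFFFFFFFF sums to 0 under the vulnerable check and is accepted; the fixed check rejects it because the count exceeds the headroom.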
XiongMai uc-httpd 1.0.0 - Buffer Overflow
XiongMai uc-httpd 1.0.0 - Buffer Overflow Exploit Title: XiongMai uc-httpd 1.0.0 - Buffer Overflow Date: 2018-06-08 Exploit Author: Andrew Watson Software Version: XiongMai uc-httpd 1.0.0 Vendor Homepage: http://www.xiongmaitech.com/en/ Tested on: KKMoon DVR running XiongMai uc-httpd 1.0.0 on...
WebKit - Use-After-Free when Resuming Generator
WebKit - Use-After-Free when Resuming Generator In WebKit, resuming a generator is implemented in JavaScript. An internal object property, @generatorState, is used to prevent recursion within generators. In GeneratorPrototype.js, the state is checked by calling: var state = this.@generatorStat...
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass
TrendMicro OfficeScan XG 11.0 - Change Prevention Bypass + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/TRENDMICRO-OFFICESCAN-XG-v11.0-UNAUTHORIZED-CHANGE-PREVENTION-SERVICE-BYPASS.txt + ISR: Apparition Security Greetz:...
Gnome Web (Epiphany) 3.28.2.1 - Denial of Service
Gnome Web (Epiphany) 3.28.2.1 - Denial of Service Title: Gnome Web/Epiphany Browser libephymain.so in GNOME WEB/Epiphany PoC: b1tch3z = window.open("https://www.google.com", "bl1ngbl1ng", "width=250,height=250"); b1tch3z.document.write("ua b1tch3z"); // https://github.com/undergroundagency //...
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Frame Processing Out-of-Bounds Memory Access There is a missing check in VP9 frame processing that could lead to memory corruption. In the file video_coding/rtp_frame_reference_finder.cc, the function RtpFrameReferenceFinder::ManageFrameVp9 fetches the GofInfo based on a pic_idx parsed fr...
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access
WebRTC - VP9 Missing Frame Processing Out-of-Bounds Memory Access There is a missing check in VP9 frame processing that could lead to memory corruption. In the file video_coding/rtp_frame_reference_finder.cc, the function RtpFrameReferenceFinder::MissingRequiredFrameVp9 contains the following code:...
Splunk 7.0.1 - Information Disclosure
Splunk 7.0.1 - Information Disclosure Exploit Title: Splunk 7.0.1 - Information Disclosure Date: 2018-05-23 Exploit Author: KoF2002 Vendor Homepage: https://www.splunk.com/ Version: 6.2.3 - 7.0.1 (possibly all versions affected) Tested on: Linux OS CVE: CVE-2018-11409 Splunk 6.2.3 through 7.0.1 allows...
WebKit - WebAssembly Compilation Info Leak
WebKit - WebAssembly Compilation Info Leak arrayBufferView->vector() : static_cast<uint8_t*>(arrayBuffer->impl()->data()); If the source buffer is a view (DataView or TypedArray), arrayBufferView->vector() is returned. The vector() method returns the start of the data in the buffer, including any offset. However, the functio...
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection
WordPress Plugin Contact Form Maker 1.12.20 - SQL Injection Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Contact Form Maker plugin Software link: https://wordpress.org/plugins/contact-form-maker/ Version: 1.12.20 and...
Monstra CMS 3.0.4 - Cross-Site Scripting (1)
Monstra CMS 3.0.4 - Cross-Site Scripting (1) Title: Monstra CMS www.target.com') url = input('Target : ') print(" Required admin's PHPSESSID.") PHPSESSID = input('PHPSESSID : ') pagename = input('Pagename : ') script = input('Script : ') target = 'http://' + url + '/admin/index.php?id=pages&action=add_page'...
WampServer 3.0.6 - Cross-Site Request Forgery
WampServer 3.0.6 - Cross-Site Request Forgery Exploit Title: WampServer 3.0.6 - Cross-Site Request Forgery Date: 2018-06-11 Exploit Author: L0RD Software Link: https://ufile.io/gpqh9 Vendor Homepage: http://www.wampserver.com/en/ Version: 3.0.6 - 64bit Tested on: Win 10 Description : An issue was...
WordPress Plugin Form Maker 1.12.24 - SQL Injection
WordPress Plugin Form Maker 1.12.24 - SQL Injection Title: WordPress Form Maker Plugin 1.12.24 - SQL Injection Date: 2018-06-07 Author: Neven Biruski Software: WordPress Form Maker plugin https://wordpress.org/plugins/form-maker/ Version: 1.12.24 and below Vendor Status: Vendor contacted, update...
Ftp Server 1.32 - Credential Disclosure
Ftp Server 1.32 - Credential Disclosure Exploit Title: Ftp Server 1.32 - Credential Disclosure Date: 2018-05-29 Software Link: https://play.google.com/store/apps/details?id=com.theolivetree.ftpserver Version: 1.32 Android App Vendor: The Olive Tree Exploit Author: ManhNho CVE: N/A Category: Mobil...
Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver
Apple macOS Kernel - Use-After-Free Due to Lack of Locking in nvidia GeForce Driver nvDevice::SetAppSupportBits is external method 0x107 of the nvAccelerator IOService. It calls task_deallocate without locking. Two threads can race calling this external method to drop two task references when on...
Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist
Apple macOS/iOS Kernel - Heap Overflow Due to Lack of Lower Size Check in getvolattrlist getvolattrlist takes a user controlled bufferSize argument via the fgetattrlist syscall. When allocating a kernel buffer to serialize the attr list to, there's the following comment: /* Allocate a target buffe...
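The title names the defect class: a caller-controlled allocation size that is bounded above but not below, while the serializer always writes a fixed-size header into it. The following is an added example, not XNU code. It is a userspace model of a getattrlist-style serializer whose output begins with a uint32_t total-length field followed by as much payload as fits; the header length, the upper bound ATTR_BUF_MAX and the truncate-rather-than-fail behaviour are assumptions of the model. attr_plan computes what would be written without touching memory, so the out-of-bounds write shows up as a number rather than a crash.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ATTR_HEADER_LEN 4u               /* uint32_t "bytes needed" field */
#define ATTR_BUF_MAX    (64u * 1024u)    /* assumed upper bound */

/* Returns the number of bytes a serializer would write into an allocation
 * of buffer_size bytes, or -1 if the size is rejected. With enforce_min
 * false only the upper bound is checked, which is the shape of the bug:
 * buffer_size 0..3 is accepted, the 4-byte header lands past the end of
 * the allocation, and buffer_size - ATTR_HEADER_LEN underflows so the
 * payload copy is no longer bounded either. */
long long attr_plan(uint32_t buffer_size, uint32_t payload_len, bool enforce_min)
{
    if (buffer_size > ATTR_BUF_MAX)
        return -1;
    if (enforce_min && buffer_size < ATTR_HEADER_LEN)
        return -1;                                  /* the missing lower bound */
    uint32_t avail = buffer_size - ATTR_HEADER_LEN; /* wraps when < 4 */
    uint32_t copy  = payload_len < avail ? payload_len : avail;
    return (long long)ATTR_HEADER_LEN + (long long)copy;
}

/* Performs the write into buf (buffer_size bytes) using the corrected plan
 * only, so this function never writes out of bounds. The header carries the
 * full length the caller would need, even when the payload is truncated.
 * Returns bytes written or -1. */
long long attr_pack(uint8_t *buf, uint32_t buffer_size,
                    const uint8_t *payload, uint32_t payload_len)
{
    long long n = attr_plan(buffer_size, payload_len, true);
    if (n < 0)
        return -1;
    uint32_t required = ATTR_HEADER_LEN + payload_len;
    memcpy(buf, &required, ATTR_HEADER_LEN);
    memcpy(buf + ATTR_HEADER_LEN, payload, (size_t)n - ATTR_HEADER_LEN);
    return n;
}

/* Reads back the required-length header written by attr_pack. */
uint32_t attr_required(const uint8_t *buf)
{
    uint32_t v;
    memcpy(&v, buf, sizeof v);
    return v;
}

int main(void)
{
    const uint8_t payload[] = "0123456789abcdef";      /* constructed, 16 bytes */
    uint8_t buf[8];
    printf("bufferSize 2, no lower bound:   would write %lld bytes\n",
           attr_plan(2, 16, false));
    printf("bufferSize 2, with lower bound: %lld\n", attr_plan(2, 16, true));
    long long n = attr_pack(buf, sizeof buf, payload, 16);
    printf("bufferSize 8: wrote %lld bytes, header says %u needed\n",
           n, attr_required(buf));
    return 0;
}
```

The interesting case is a buffer of 1 to 3 bytes: the upper bound is satisfied, the header alone overruns the allocation, and the underflowed remaining-space value lets the whole payload follow it.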
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow
PHP 7.2.2 - php_stream_url_wrap_http_ex Buffer Overflow Description: The latest PHP distributions contain a memory corruption bug while parsing malformed HTTP response packets. Vulnerable code at: php_stream_url_wrap_http_ex /home/weilei/php-7.2.2/ext/standard/http_fopen_wrapper.c:723 if...
XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP
XNU Kernel - Heap Overflow Due to Bad Bounds Checking in MPTCP mptcp_usr_connectx is the handler for the connectx syscall for the AF_MULTIPATH socket family. The logic of this function fails to correctly handle source and destination sockaddrs which aren't AF_INET or AF_INET6: // verify sa_len for...
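The snippet says the length check covers only AF_INET and AF_INET6, so an address of any other family passes with whatever sa_len the caller supplies. The following is an added example, not XNU code. It defines a BSD-style sockaddr with a leading sa_len locally so it builds anywhere, uses the Darwin family values and struct sizes (AF_INET6 is 30, sockaddr_in is 16 bytes, sockaddr_in6 is 28), and assumes the handler copies the validated address into a 28-byte slot; the slot_len guard in store_sockaddr stands in for the heap boundary that the real code does not check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Local model of the BSD sockaddr layout (sa_len first). */
struct model_sockaddr {
    uint8_t sa_len;
    uint8_t sa_family;
    uint8_t sa_data[254];
};
#define M_AF_UNIX   1
#define M_AF_INET   2
#define M_AF_INET6  30      /* Darwin value */
#define SIN_LEN     16u     /* sizeof(struct sockaddr_in) */
#define SIN6_LEN    28u     /* sizeof(struct sockaddr_in6) on Darwin */

enum sa_status { SA_OK = 0, SA_BAD_LEN, SA_BAD_FAMILY };

/* The shape of the bug: sa_len is verified only for the two expected
 * families. Any other family is neither checked nor rejected, so an AF_UNIX
 * or garbage-family address with sa_len up to 255 is accepted as-is. */
enum sa_status check_sockaddr_vulnerable(const struct model_sockaddr *sa)
{
    if (sa->sa_family == M_AF_INET && sa->sa_len != SIN_LEN)
        return SA_BAD_LEN;
    if (sa->sa_family == M_AF_INET6 && sa->sa_len != SIN6_LEN)
        return SA_BAD_LEN;
    return SA_OK;
}

/* Corrected: unknown families are an error and the length must match the
 * family exactly, so sa_len can never exceed the largest accepted struct. */
enum sa_status check_sockaddr_fixed(const struct model_sockaddr *sa)
{
    switch (sa->sa_family) {
    case M_AF_INET:  return sa->sa_len == SIN_LEN  ? SA_OK : SA_BAD_LEN;
    case M_AF_INET6: return sa->sa_len == SIN6_LEN ? SA_OK : SA_BAD_LEN;
    default:         return SA_BAD_FAMILY;
    }
}

/* Copies a checked address into a fixed slot sized for sockaddr_in6. The
 * slot_len guard is the demonstration's substitute for the heap boundary:
 * the real code trusts the check and copies sa_len bytes, so -2 here is
 * the overflow. Returns bytes copied, -1 if the check failed. */
int store_sockaddr(const struct model_sockaddr *sa, uint8_t *slot, size_t slot_len,
                   enum sa_status (*check)(const struct model_sockaddr *))
{
    if (check(sa) != SA_OK)
        return -1;
    if (sa->sa_len > slot_len)
        return -2;
    memcpy(slot, sa, sa->sa_len);
    return sa->sa_len;
}

int main(void)
{
    uint8_t slot[SIN6_LEN];
    struct model_sockaddr evil = { .sa_len = 200, .sa_family = M_AF_UNIX };   /* constructed */
    struct model_sockaddr ok   = { .sa_len = SIN_LEN, .sa_family = M_AF_INET };
    printf("AF_UNIX/len 200, vulnerable check: %d\n",
           store_sockaddr(&evil, slot, sizeof slot, check_sockaddr_vulnerable));
    printf("AF_UNIX/len 200, fixed check:      %d\n",
           store_sockaddr(&evil, slot, sizeof slot, check_sockaddr_fixed));
    printf("AF_INET/len 16, fixed check:       %d\n",
           store_sockaddr(&ok, slot, sizeof slot, check_sockaddr_fixed));
    return 0;
}
```

The general rule this illustrates: a length check that is keyed on the family must reject every family it does not know about, otherwise the default path carries an unchecked length into the copy.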
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Local Buffer Overflow SEH...
10-Strike Network Scanner 3.0 - Local Buffer Overflow (SEH)
10-Strike Network Scanner 3.0 - Local Buffer Overflow SEH...
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting
MyBB Recent Threads Plugin 1.0 - Cross-Site Scripting Exploit Title: MyBB Recent Threads Plugin v1.0 - Cross-Site Scripting Date: 6/2/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=842 Version: 1.0 Tested on: Ubuntu 18.0...
WebKitGTK+ 2.21.3 - Crash (PoC)
WebKitGTK+ 2.21.3 - Crash (PoC) Title: WebKitGTK+ win = window.open("sleeponesecond.php", "WIN"); window.open("https://www.paypal.com", "WIN"); win.document.execCommand('Stop'); win.document.write("Spoofed URL"); win.document.close(); Backtrace using Fedora 27: #0 WTF::StringImpl::rawHash at...
Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption
Linux Kernel 4.16.11 - ext4_read_inline_data() Memory Corruption ext4 can store data for small regular files as "inline data", meaning that the data is stored inside the corresponding inode instead of in separate blocks. Inline data is stored in two places: The first 60 bytes go in the i_block field in...
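The snippet describes the layout but is cut off before the defect, so the following added example (not kernel code) only models what a reader of inline data has to verify: the first 60 bytes come from i_block and any remainder from the system.data extended attribute, and every length involved is read from a possibly hostile disk image. The struct, the xattr represented as a pointer plus length, and the constructed inode in main are assumptions of the model; field names follow ext4 (i_block, i_size, EXT4_MIN_INLINE_DATA_SIZE = 60).

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INLINE_HEAD_LEN 60u     /* EXT4_MIN_INLINE_DATA_SIZE */

struct model_inode {
    uint8_t  i_block[INLINE_HEAD_LEN];  /* first 60 bytes of file data */
    uint32_t i_size;                    /* on-disk size claim */
    const uint8_t *xattr_data;          /* system.data xattr value, or NULL */
    uint32_t xattr_len;                 /* its actual stored length */
};

/* Reassembles inline file data into out (capacity out_cap). Before any copy
 * it checks that the claimed size fits the destination and that the tail
 * which must come from the xattr actually exists there. Returns the number
 * of bytes produced, or -1 for an inconsistent inode, which is how a reader
 * avoids copying past the end of the xattr value or the destination. */
int read_inline_data(const struct model_inode *ino, uint8_t *out, size_t out_cap)
{
    uint32_t size = ino->i_size;
    if (size > out_cap)
        return -1;
    uint32_t head = size < INLINE_HEAD_LEN ? size : INLINE_HEAD_LEN;
    uint32_t tail = size - head;            /* bytes that live in the xattr */
    if (tail > 0 && (ino->xattr_data == NULL || tail > ino->xattr_len))
        return -1;                          /* i_size claims more than is stored */
    memcpy(out, ino->i_block, head);
    if (tail > 0)
        memcpy(out + head, ino->xattr_data, tail);
    return (int)size;
}

int main(void)
{
    /* Constructed inode: 100 bytes of data, 60 inline + 40 in the xattr. */
    uint8_t xattr[40];
    memset(xattr, 'x', sizeof xattr);
    struct model_inode ino = { .i_size = 100, .xattr_data = xattr, .xattr_len = 40 };
    memset(ino.i_block, 'b', sizeof ino.i_block);
    uint8_t out[256];
    printf("consistent inode: %d bytes\n", read_inline_data(&ino, out, sizeof out));
    ino.xattr_len = 20;             /* i_size still claims 40 tail bytes */
    printf("short xattr:      %d\n", read_inline_data(&ino, out, sizeof out));
    return 0;
}
```

The point of the tail check is that i_size and the xattr length are independent on-disk fields; a filesystem image can make them disagree, and the copy size must be derived from what is actually present, not from the size claim alone.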
10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow (SEH)
10-Strike Network Inventory Explorer 8.54 - Registration Key Buffer Overflow SEH...
Clone2GO Video converter 2.8.2 - Buffer Overflow
Clone2GO Video converter 2.8.2 - Buffer Overflow #!/usr/bin/python Exploit Title : Clone 2 GO Video converter 2.8.2 Unicode Buffer Overflow Remote Code Execution Exploit Author :...
Jenkins Mailer Plugin 1.20 - Cross-Site Request Forgery (Send Email)
Jenkins Mailer Plugin 1.20 - Cross-Site Request Forgery (Send Email) Exploit Title : Jenkins mailer plugin ' + table['covermessage'] + '' s = smtplib.SMTP(table['smtpserver']) s.starttls() s.login(table['lid'], table['lpw']) s.sendmail(msg['From'], msg['To'], msg.as_string()) def urlset(): url...
Pagekit 1.0.13 - Cross-Site Scripting Code Generator
Pagekit 1.0.13 - Cross-Site Scripting Code Generator Title: Pagekit ' + code + '' f = open(name, 'w+') f.write(code) f.close() if __name__ == '__main__': print(''' [ASCII-art banner] ...
SearchBlox 8.6.7 - XML External Entity Injection
SearchBlox 8.6.7 - XML External Entity Injection Exploit Title: SearchBlox 8.6.7 Out-Of-Band XML eXternal Entity (OOB-XXE) Exploit Author: Ahmet GUREL, Canberk BOLAT Software Link: https://www.searchblox.com/ Version: <= 8.6.7 Platform: Java Tested on: Windows CVE: CVE-2018-11586 ...
Zip-n-Go 4.9 - Buffer Overflow (SEH)
Zip-n-Go 4.9 - Buffer Overflow (SEH) #!/usr/bin/python Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow (SEH) Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage :...
CyberArk 10 - Memory Disclosure
CyberArk 10 - Memory Disclosure Exploit Title: CyberArk 10 - Memory Disclosure Date: 2018-06-04 Exploit Author: Thomas Zuk Vendor Homepage: https://www.cyberark.com/products/privileged-account-security-solution/enterprise-password-vault/ Version: 9.7 and 10 Tested on: Windows 2008, Windows 2012,...
Brother HL Series Printers 1.15 - Cross-Site Scripting
Brother HL Series Printers 1.15 - Cross-Site Scripting Exploit Title: XSS at Brother HL series printers Date: 30.05.2018 Exploit Author: Huy Kha Vendor Homepage: http://support.brother.com Software Link: Website Version: Brother HL series printers. Tested on: Mozilla FireFox Reflected XSS Payload...
EMS Master Calendar 8.0.0.20180520 - Cross-Site Scripting
EMS Master Calendar 8.0.0.20180520 - Cross-Site Scripting Exploit Title: EMS Master Calendar alert('XSS')xyz...
GreenCMS 2.3.0603 - Cross-Site Request Forgery (Add Admin)
GreenCMS 2.3.0603 - Cross-Site Request Forgery Add Admin Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability add admin Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE :...