41207 matches found
Smartshop 1 - Cross-Site Request Forgery
Smartshop 1 - Cross-Site Request Forgery Exploit Title: Smartshop 1 - Cross site request forgery Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage:...
Smartshop 1 - id SQL Injection
Smartshop 1 - id SQL Injection Exploit Title: Smartshop 1 - SQL Injection Date: 2018-06-02 Exploit Author: L0RD or [email protected] Software Link: https://github.com/smakosh/Smartshop/archive/master.zip Vendor Homepage:...
GreenCMS 2.3.0603 - Cross-Site Request Forgery Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery Remote Code Execution Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.06...
Epiphany 3.28.2.1 - Denial of Service
Epiphany 3.28.2.1 - Denial of Service Summary: ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call,...
Grid Pro Big Data 1.0 - SQL Injection
Grid Pro Big Data 1.0 - SQL Injection Exploit Title: Grid Pro Big Data 1.0 - 'test.php' SQL Injection Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Vendor Homepage:...
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion
Microsoft Edge Chakra - EntrySimpleObjectSlotGetter Type Confusion / function optw, arr arr0 = 1.1; let res = w.event; arr0 = 2.3023e-320; return res; let arr = 1.1; for let i = 0; i ::EntrySimpleObjectSlotGetter 00007fffd5cf3d50 // w.event 000001a880001235 48ffd0 call rax 000001a880001238...
New STAR 2.1 - SQL Injection Cross-Site Scripting
New STAR 2.1 - SQL Injection Cross-Site Scripting Exploit Title: New STAR 2.1 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/new-star-listen-youtube-music/7486113 Version: 2.1...
TAC Xenta 511911 - Directory Traversal
TAC Xenta 511911 - Directory Traversal Exploit Title: TAC Xenta 511 and 911 Credentials Disclosure Date: 25.05.2018 Exploit Author: Marek Cybul Vendor Homepage: https://download.schneider-electric.com/files?pFileName=TACXenta911SDS-XENTA911.pdf Version: 5.17 Schneider Electric TAC Xenta 911 and 5...
PHP Dashboards NEW 5.5 - email SQL Injection
PHP Dashboards NEW 5.5 - email SQL Injection Exploit Title: PHP Dashboards NEW v5.5 - 'Login' SQL Injection Dork: N/A Date: 31.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/php-dashboards-v50-brand-new-enterprise-edition/21540104...
CSV Import Export 1.1.0 - SQL Injection Cross-Site Scripting
CSV Import Export 1.1.0 - SQL Injection Cross-Site Scripting Exploit Title: CSV Import & Export v1.1.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 30.05.2018 Exploit Author: Kağan Çapar Contact: [email protected] Vendor Homepage: https://codecanyon.net/item/csv-import-export/2110550...
Procps-ng - Multiple Vulnerabilities
Procps-ng - Multiple Vulnerabilities Qualys Security Advisory Procps-ng Audit Report ======================================================================== Contents ======================================================================== Summary 1. FUSE-backed /proc/PID/cmdline 2. Unprivileged...
Dolibarr ERPCRM 7.0.0 - (Authenticated) SQL Injection
Dolibarr ERPCRM 7.0.0 - Authenticated SQL Injection CVE-2018-10094 Dolibarr SQL Injection vulnerability Description Dolibarr is an "Open Source ERP & CRM for Business" used by many companies worldwide. It is available through GitHub or as distribution packages e.g .deb package. Threat The...
Yosoro 1.0.4 - Remote Code Execution
Yosoro 1.0.4 - Remote Code Execution Exploit title: Yosoro 1.0.4 - Remote Code Execution Date: 2018-05-29 Exploit Author: Carlo Pelliccioni Vendor homepage: https://yosoro.coolecho.net/ Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip Version:...
MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass
MachForm 4.2.3 - SQL Injection Path Traversal Upload Bypass Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin...
Siemens SIMATIC S7-300 CPU - Remote Denial of Service
Siemens SIMATIC S7-300 CPU - Remote Denial of Service Exploit Title: Siemens SIMATIC S7-300 CPU - Remote Denial Of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-30 Exploit Author: t4rkd3vilz Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-300 CPU family: all versions...
SearchBlox 8.6.6 - Cross-Site Request Forgery
SearchBlox 8.6.6 - Cross-Site Request Forgery Exploit Title: CSRF Privilege Escalation Creation of an administrator account on SearchBlox 8.6.6 Exploit Author: Canberk BOLAT, Ahmet GÜREL Software Link: https://www.searchblox.com/ Version: = SearchBlox Version 8.6.6 Platform: Java Tested on: Windo...
NUUO NVRmini2 NVRsolo - Arbitrary File Upload
NUUO NVRmini2 NVRsolo - Arbitrary File Upload Exploit Title: NUUO NVRmini2 / NVRsolo Arbitrary File Upload Vulnerability Google Dork: intitle:NUUO Network Video Recorder Login Date: 2018-05-20 Exploit Author: M3@Pandas Vendor Homepage: http://www.nuuo.com Software Link: N/A Version: all Tested on...
Sitemakin SLAC 1.0 - my_item_search SQL Injection
Sitemakin SLAC 1.0 - myitemsearch SQL Injection Exploit Title: SLAC v1.0: Blind SQL Injection / XPath Injection Date: 29-05-2018 Vendor Homepage: https://sitemakin.com/login-script-demo Exploit Author: Divya Jain Version: v1.0 CVE: CVE-2018-11535 Category: Webapps Severity: High Tested on: KaLi...
Facebook Clone Script 1.0.5 - search SQL Injection
Facebook Clone Script 1.0.5 - search SQL Injection Exploit Title: Facebook Clone Script 1.0.5 - 'search' SQL Injection Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 POC : SQLi : Parameter : search Typ...
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery
Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Exploit Title: Facebook Clone Script 1.0.5 - Cross-Site Request Forgery Date: 2018-05-29 Exploit Author: L0RD Vendor Homepage: https://www.phpscriptsmall.com/product/facebook-clone/ Version: 1.0.5 Tested on: Win 10 Description : Facebook...
GNU Barcode 0.99 - Buffer Overflow
GNU Barcode 0.99 - Buffer Overflow GNU Barcode 0.99 - Buffer Overflow Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Author: Gjoko 'LiquidWorm' Krstic Tested on: Ubuntu 16.04.4 Affected versio...
GNU Barcode 0.99 - Memory Leak
GNU Barcode 0.99 - Memory Leak GNU Barcode 0.99 - Memory Leak Vendor: The GNU Project | Free Software Foundation, Inc. Product web page: https://www.gnu.org/software/barcode/ https://directory.fsf.org/wiki/Barcode Affected version: 0.99 Tested on: Ubuntu 16.04.4 Author: Gjoko 'LiquidWorm' Krstic...
IssueTrak 7.0 - SQL Injection
IssueTrak 7.0 - SQL Injection ================ Exploit Title: SQL Injection Vulnerability in Issue Trak = 7.0 Possibly applicable up to version 9.7 Date: 05-28-2018 Vendor Homepage: http://issuetrak.com Version: Confirmed 7.0; = 7.0 extremely likely; up to 9.7 very likely Google Dork:...
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting
MyBB ChangUonDyU Plugin 1.0.2 - Cross-Site Scripting Exploit Title: MyBB ChangUonDyU Advanced Statistics Plugin v1.0.2 - Cross-Site Scripting Date: 5/25/2018 Author: 0xB9 Twitter: @0xB9Sec Contact: 0xB9atpm.me Software Link: https://community.mybb.com/mods.php?action=view&pid=1125 Version: 1.0.2...
Sony Playstation 4 (PS4) 5.1 - Kernel (PoC)
Sony Playstation 4 PS4 5.1 - Kernel PoC log"--- trying kernel exploit --"; function mallocsz var backing = new Uint8Array0x10000+sz; window.nogc.pushbacking; var ptr = p.read8p.leakvalbacking.add320x10; ptr.backing = backing; return ptr; function malloc32sz var backing = new Uint8Array0x10000+sz4...
DomainMod 4.09.03 - sslpaid Cross-Site Scripting
DomainMod 4.09.03 - sslpaid Cross-Site Scripting Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link:...
wityCMS 0.6.1 - Cross-Site Scripting
wityCMS 0.6.1 - Cross-Site Scripting Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field Date: 05/28/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: https://creatiwity.net/witycms Software Link:...
Sony Playstation 4 (PS4) 5.07 - Jailbreak WebKit bpf v2 Kernel Loader
Sony Playstation 4 PS4 5.07 - Jailbreak WebKit bpf v2 Kernel Loader PS4 5.05 Kernel Exploit --- Summary In this project you will find a full implementation of the second "bpf" kernel exploit for the PlayStation 4 on 5.05. It will allow you to run arbitrary code as kernel, to allow jailbreaking an...
Joomla! Component Full Social 1.1.0 - search_query SQL Injection
Joomla! Component Full Social 1.1.0 - searchquery SQL Injection Exploit Title: Joomla! extension Full Social 1.1.0 - 'searchquery' SQL Injection Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link: https://extensions.joomla.org/extension/full-social/ Vendor...
CloudMe Sync 1.11.0 - Buffer Overflow (SEH) (DEP Bypass)
CloudMe Sync 1.11.0 - Buffer Overflow SEH DEP Bypass Exploit: CloudMe Sync netstat -nao | find "8888" TCP 0.0.0.0:8888 0.0.0.0:0 LISTENING 2640 C:\tasklist | find "2640" CloudMe.exe 2640 Console 1 36,632 K Attacking Machine: root@kali:/Desktop python cloudme.py CloudMe Sync v1.10.9 Buffer Overflo...
DomainMod 4.09.03 - oid Cross-Site Scripting
DomainMod 4.09.03 - oid Cross-Site Scripting Exploit Title: DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter Date: 2018-05-28 Exploit Author: longer([email protected]) Vendor Homepage: domainmod https://github.com/domainmod/domainmod Software Link: domainmod...
ALFTP 5.31 - Local Buffer Overflow (SEH Bypass)
ALFTP 5.31 - Local Buffer Overflow SEH Bypass...
WordPress Plugin Events Calendar - SQL Injection
WordPress Plugin Events Calendar - SQL Injection Exploit Title: Wordpress Plugin Events Calendar - SQL Injection Dork: N/A Date: 2018-05-27 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage: https://codecanyon.net/item/wp-events-calendar-plugin/5025660 Version: 1.0 Categor...
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery Exploit Title: Joomla! extension JoomOCShop 1.0 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link:...
TP-Link TL-WR840NTL-WR841N - Authenticaton Bypass
TP-Link TL-WR840NTL-WR841N - Authenticaton Bypass Title: TP-Link Multiple RouterTL-WR840N and TL-WR841N Unauthenticated Router Access Vulnerability Author: BlackFog Team Date: 27 May 2018 Website: SecureLayer7.net Contact: [email protected] Version: 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n...
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery Exploit Title: Joomla! extension jCart for OpenCart 2.3.0.2 - Cross site request forgery Date: 2018-05-28 Exploit Author: L0RD or [email protected] Software Link:...
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection Cross-Site Scripting
Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection Cross-Site Scripting Exploit Title: Wordpress Plugin Booking Calendar 3.0.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 26.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: Wachipi Vendor Homepage:...
Werewolf Online 0.8.8 - Information Disclosure
Werewolf Online 0.8.8 - Information Disclosure Exploit Title: Werewolf Online 0.8.8 - Insecure Logging Date: 2018-05-24 Software Link: https://play.google.com/store/apps/details?id=com.werewolfapps.online Download Link:...
ClipperCMS 1.3.3 - Cross-Site Scripting
ClipperCMS 1.3.3 - Cross-Site Scripting Exploit Title: ClipperCMS 1.3.3 Persistent XSS on 'Site name' field Date: 05/27/2018 Exploit Author: Nathu Nandwani Website: http://nandtech.co/ Vendor Homepage: http://www.clippercms.com/ Software Link:...
Baby Names Search Engine 1.0 - a SQL Injection
Baby Names Search Engine 1.0 - a SQL Injection Exploit Title: Baby Names Search Engine v1.0 - 'a' SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor: MediaGeni Vendor Homepage: https://codecanyon.net/item/baby-names-search-engine/11864316 Version: 2.0...
Ingenious School Management System - id SQL Injection
Ingenious School Management System - id SQL Injection Exploit Title: Ingenious School Management System - SQL Injection Date: 2018-05-26 Exploit Author: Meisam Monsef - [email protected] - @meisamrce Vendor Homepage: https://www.codester.com/items/4945/ingenious-school-management-system Version...
BookingWizz Booking System 5.5 - id SQL Injection
BookingWizz Booking System 5.5 - id SQL Injection Exploit Title: BookingWizz Booking System 5.5 - 'bs-services-add.php' SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/booking-system/87919 Version: 5.5 Category: Webap...
Bitmain Antminer D3L3+S9 - Remote Command Execution
Bitmain Antminer D3L3+S9 - Remote Command Execution Exploit Title: Bitmain Antminer D3, L3+, and S9 devices allow Remote Command Execution Google Dork: N/A Date: 27/05/2018 Exploit Author: Corrado Liotta Vendor Homepage: https://www.bitmain.com/ Software Link: N/A Version: Antminer - D3, L3+, S9,...
Listing Hub CMS 1.0 - SQL Injection
Listing Hub CMS 1.0 - SQL Injection Exploit Title: Listing Hub CMS 1.0 - Multiple SQL Injection Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/listing-hub-cms-directory-listings-theme/21361294 Version: 1.0 Category: Webapps Tested...
Lyrist - id SQL Injection
Lyrist - id SQL Injection Exploit Title: Lyrist - Music Lyrics Script - SQL Injection Date: 2018-05-26 Exploit Author: Meisam Monsef - [email protected] - @meisamrce Vendor Homepage: https://www.codester.com/items/7250/lyrist-music-lyrics-script Version: All Version Exploit :...
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery Cross-Site Scripting
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery Cross-Site Scripting Exploit Title: Sharetronix CMS XSRF Vulnerability Version : 3.6.2 Exploit Author: Hesam Bazvand Software Link: http://sharetronix.ir/wp-content/uploads/2014/10/gold.zip Tested on: Windows 10 / Kali Linux Category: WebApps Dor...
My Directory 2.0 - SQL Injection Cross-Site Scripting
My Directory 2.0 - SQL Injection Cross-Site Scripting Exploit Title: My Directory 2.0 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 27.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/my-directory/15859886 Version: 2.0 Category: Webapps Teste...
easyLetters 1.0 - id SQL Injection
easyLetters 1.0 - id SQL Injection Exploit Title: easyLetters 1.0 - 'id' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/easyletters/5281396 Version: 1.0 Category: Webapps Tested on: Kali linux...
mySurvey 1.0 - id SQL Injection
mySurvey 1.0 - id SQL Injection Exploit Title: mySurvey 1.0 - 'statistic.php' SQL Injection Dork: N/A Date: 25.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/mysurvey/6794645 Version: 1.0 Category: Webapps Tested on: Kali linux Description : You can...
EasyService Billing 1.0 - Cross-Site Scripting
EasyService Billing 1.0 - Cross-Site Scripting !-- Exploit Title: EasyService Billing 1.0 Cross-Site Scripting in 'q' Parameter Date: 25-05-2018 Software Link: https://codecanyon.net/item/easyservice-billing-php-scripts-for-quotation-invoice-payments-etc/16687594 Exploit Author: Divya Jain Versio...