41207 matches found
Trend Micro Maximum Security 2019 - Arbitrary Code Execution
Trend Micro Maximum Security 2019 - Arbitrary Code Execution Exploit Title: Trend Micro Maximum Security 2019 - Arbitrary Code Execution Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security...
Trend Micro Maximum Security 2019 - Privilege Escalation
Trend Micro Maximum Security 2019 - Privilege Escalation Exploit Title: Trend Micro Maximum Security 2019 - Privilege Escalation Date: 2020-1-16 Exploit Author: hyp3rlinx Vendor Homepage: www.trendmicro.com Version: Platform Microsoft Windows, Premium Security 2019 v15, Maximum Security 2019 v15...
GTalk Password Finder 2.2.1 - Key Denial of Service (PoC)
GTalk Password Finder 2.2.1 - Key Denial of Service PoC Exploit Title: GTalk Password Finder 2.2.1 - 'Key' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-16 Vendor Homepage : http://www.nsauditor.com/ Link Software :...
APKF Product Key Finder 2.5.8.0 - Name Denial of Service (PoC)
APKF Product Key Finder 2.5.8.0 - Name Denial of Service PoC Exploit Title: APKF Product Key Finder 2.5.8.0 - 'Name' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-16 Vendor Homepage : http://www.nsauditor.com/ Link Software :...
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass
Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Exploit Title: Wordpress Plugin InfiniteWP Client 1.9.4.5 - Authentication Bypass Date: 2020-1-16 Exploit Author: Raphael Karger Vendor Homepage: https://infinitewp.com/ Version: InfiniteWP Client 1.9.4.5 !/usr/bin/python3 import...
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass
Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Exploit Title: Wordpress Time Capsule Plugin 1.21.16 - Authentication Bypass Date: 2020-01-16 Exploit Author: B. Canavate Vendor Homepage: https://wptimecapsule.com/ Software Link: https://wptimecapsule.com/ Version: Wordpress Time...
Tautulli 2.1.9 - Denial of Service ( Metasploit )
Tautulli 2.1.9 - Denial of Service Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Tautulli v2.1.9 - Shutdown Denial of Service', 'Description' = 'Tautulli versions 2.1.9 and prior a...
Rukovoditel Project Management CRM 2.5.2 - reports_id SQL Injection
Rukovoditel Project Management CRM 2.5.2 - reportsid SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'reportsid' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net...
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting
Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Exploit Title: Jenkins Gitlab Hook Plugin 1.4.2 - Reflected Cross-Site Scripting Exploit Author: Ai Ho Vendor Homepage : https://jenkins.io/ Effective version : Gitlab Hook Plugin 1.4.2 and earlier References:...
Rukovoditel Project Management CRM 2.5.2 - filters SQL Injection
Rukovoditel Project Management CRM 2.5.2 - filters SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage: https://www.rukovoditel.net/...
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting
WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Exploit Title: WordPress Plugin Postie 1.9.40 - Persistent Cross-Site Scripting Google Dork: inurl:/wp-content/plugins/postie/readme.txt Date: 2020-01-15 Exploit Author: V1n1v131r4 Vendor Homepage: https://postieplugin.com/ Software...
Citrix Application Delivery Controller (ADC) and Gateway 13.0 - Path Traversal
Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal Exploit Title: Citrix Application Delivery Controller ADC and Gateway 13.0 - Path Traversal Date: 2019-12-17 CVE: CVE-2019-19781 Vulenrability: Path Traversal Vulnerablity Discovery: Mikhail Klyuchnikov Exploit Author:...
Rukovoditel Project Management CRM 2.5.2 - entities_id SQL Injection
Rukovoditel Project Management CRM 2.5.2 - entitiesid SQL Injection Exploit Title: Rukovoditel Project Management CRM 2.5.2 - 'entitiesid' SQL Injection Google Dork: N/A Date: 2020-01-15 Blog: https://fatihhcelik.blogspot.com/ Exploit Author: Fatih Çelik Vendor Homepage:...
Online Book Store 1.0 - Arbitrary File Upload
Online Book Store 1.0 - Arbitrary File Upload Exploit Title: Online Book Store 1.0 - Arbitrary File Upload Google Dork: N/A Date: 2020-01-16 Exploit Author: Or4nG.M4n aka S4udiExploit Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software...
SunOS 5.10 Generic_147148-26 - Local Privilege Escalation
SunOS 5.10 Generic147148-26 - Local Privilege Escalation Exploit: SunOS 5.10 Generic147148-26 - Local Privilege Escalation Date: 2020-01-15 Author: Marco Ivaldi Vendor: www.oracle.com Software Link: https://www.oracle.com/technetwork/server-storage/solaris10/downloads/latest-release/index.html CV...
Sagemcom F@ST 3890 (50_10_19-T1) Cable Modem - Cable Haunt Remote Code Execution
Sagemcom F@ST 3890 501019-T1 Cable Modem - Cable Haunt Remote Code Execution // EDB Note: Download https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47936.zip function buf2hexbuffer // buffer is an ArrayBuffer return Array.prototype.map.callnew Uint8Arraybuffer, x...
Online Book Store 1.0 - bookisbn SQL Injection
Online Book Store 1.0 - bookisbn SQL Injection Exploit Title: Online Book Store 1.0 - 'bookisbn' SQL Injection Google Dork: N/A Date: 2020-01-15 Exploit Author: AmirHadi Yazdani Ertebat Gostar Co. Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-ph...
Huawei HG255 - Directory Traversal ( Metasploit )
Huawei HG255 - Directory Traversal Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. class MetasploitModule 'Huawei HG255 Directory...
Microsoft Windows - CryptoAPI (Crypt32.dll) Elliptic Curve Cryptography (ECC) Spoof Code-Signing Certificate
Microsoft Windows - CryptoAPI Crypt32.dll Elliptic Curve Cryptography ECC Spoof Code-Signing Certificate EDB Note Download: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47933.zip require 'openssl' raw = File.read "ca.crt" cacert =...
Redir 3.3 - Denial of Service (PoC)
Redir 3.3 - Denial of Service PoC Exploit Title: Redir 3.3 - Denial of Service PoC Date: 2020-01-14 Exploit Author: hieubl from HPT Cyber Security Vendor Homepage: https://github.com/troglobit/redir Software Link: https://github.com/troglobit/redir Version: 3.3 Tested on: Kali GNU/Linux Rolling...
VPN unlimited 6.1 - Unquoted Service Path
VPN unlimited 6.1 - Unquoted Service Path Exploit Title: VPN unlimited 6.1 - Unquoted Service Path Date: 2020-1-13 Exploit Author: Amin Rawah Vendor Homepage: https://www.vpnunlimitedapp.com Version: 6.1 Tested on: Windows 10 64bit C:\Users\Aminsc qc VPNUnlimitedService SC QueryServiceConfig...
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM There is a memory corruption vulnerability in audio processing during a voice call in WeChat. When an RTP packet is processed, there is a call to UnpacketRTP. This function decrements the length of the packet by 12 without checking tha...
IBM RICOH 6400 Printer - HTML Injection
IBM RICOH 6400 Printer - HTML Injection Exploit Title: IBM RICOH 6400 Printer - HTML Injection Date: 2020-01-02 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ibm.com/il-en Hardware Link:...
IBM RICOH InfoPrint 6500 Printer - HTML Injection
IBM RICOH InfoPrint 6500 Printer - HTML Injection Exploit Title: IBM RICOH InfoPrint 6500 Printer - HTML Injection Date: 2020-01-02 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.ibm.com/il-en Hardware Link:...
Android - ashmem Readonly Bypasses via remap_file_pages() and ASHMEM_UNPIN
Android - ashmem Readonly Bypasses via remapfilepages and ASHMEMUNPIN This bug report describes two ways in which an attacker can modify the contents of a read-only ashmem fd. I'm not sure at this point what the most interesting user of ashmem is in the current Android release, but there are...
SpotOutlook 1.2.6 - Name Denial of Service (PoC)
SpotOutlook 1.2.6 - Name Denial of Service PoC Exploit Title: SpotOutlook 1.2.6 - 'Name' Denial of Service PoC Exploit Author: Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotoutlooksetup.exe Tested on OS:...
Microsoft Windows 10 build 1809 - Local Privilege Escalation (UAC Bypass)
Microsoft Windows 10 build 1809 - Local Privilege Escalation UAC Bypass Exploit Title: Microsoft Windows 10 - Local Privilege Escalation UAC Bypass Author: Nassim Asrir Date: 2019-01-10 Exploit Author: Nassim Asrir CVE: N/A Tested On: Windows 10Pro 1809 Vendor : https://www.microsoft.com Technica...
TaskCanvas 1.4.0 - Registration Denial Of Service
TaskCanvas 1.4.0 - Registration Denial Of Service Exploit Title: TaskCanvas 1.4.0 - 'Registration' Denial Of Service Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : https://www.digitalvolcano.co.uk/ Link Software : https://www.digitalvolcano.co.uk/taskcanvasdownload.ht...
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow (SEH)
Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Exploit Title: Allok RM RMVB to AVI MPEG DVD Converter 3.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link:...
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting
Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Exploit Title: Digi AnywhereUSB 14 - Reflective Cross-Site Scripting Date: 2019-11-10 Exploit Author: Raspina Net Pars Group Vendor Homepage: https://www.digi.com/products/networking/usb-connectivity/usb-over-ip/awusb Version: 1.93.21.19 CVE :...
SpotDialup 1.6.7 - Name Denial of Service (PoC)
SpotDialup 1.6.7 - Name Denial of Service PoC Exploit Title: SpotDialup 1.6.7 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software : http://www.nsauditor.com/downloads/spotdialupsetup.exe Tested on OS:...
Backup Key Recovery 2.2.5 - Name Denial of Service (PoC)
Backup Key Recovery 2.2.5 - Name Denial of Service PoC Exploit Title: Backup Key Recovery 2.2.5 - 'Name' Denial of Service PoC Exploit Author : Ismail Tasdelen Exploit Date: 2020-01-06 Vendor Homepage : http://www.nsauditor.com/ Link Software :...
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions Exploit Title: Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions Exploit Author: ZwX Exploit Date: 2020-01-12 Vendor Homepage : https://advancedsystemrepair.com/ Software Link:...
Allok Video Converter 4.6.1217 - Stack Overflow (SEH)
Allok Video Converter 4.6.1217 - Stack Overflow SEH Exploit Title: Allok Video Converter 4.6.1217 - Stack Overflow SEH Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.alloksoft.com Software Link: https://www.alloksoft.com/allokvconverter.exe Version: 4.6.1217...
Top Password Software Dialup Password Recovery 1.30 - Denial of Service (PoC)
Top Password Software Dialup Password Recovery 1.30 - Denial of Service PoC Exploit Title: Top Password Software Dialup Password Recovery 1.30 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.top-password.com/ Software Link:...
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution (Metasploit)
Citrix Application Delivery Controller and Gateway 10.5 - Remote Code Execution Metasploit This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Citrix ADC Remote Code Execution', 'Description' = %q ...
Chevereto 3.13.4 Core - Remote Code Execution
Chevereto 3.13.4 Core - Remote Code Execution Exploit Title: Chevereto 3.13.4 Core - Remote Code Execution Date: 2020-01-11 Exploit Author: Jinny Ramsmark Vendor Homepage: https://chevereto.com/ Software Link: https://github.com/Chevereto/Chevereto-Free/releases Version: 1.0.0 Free - 1.1.4 Free, ...
Top Password Firefox Password Recovery 2.8 - Denial of Service (PoC)
Top Password Firefox Password Recovery 2.8 - Denial of Service PoC Exploit Title: Top Password Firefox Password Recovery 2.8 - Denial of Service PoC Date: 2020-01-12 Exploit Author: Antonio de la Piedra Vendor Homepage: https://www.top-password.com/ Software Link:...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution (PoC)
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution PoC !/bin/bash Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway - CVE-2019-19781 Usage : bash CVE-2019-19781.sh IPOFVULNURABLEHOST COMMANDTOEXECUTE e.g : bash...
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution
Citrix Application Delivery Controller and Citrix Gateway - Remote Code Execution !/usr/bin/python3 Exploits the Citrix Directory Traversal Bug: CVE-2019-19781 You only need a listener like netcat to catch the shell. Shout out to the team: Rob Simon, Justin Elze, Logan Sampson, Geoff Walton,...
Pandora 7.0NG - Remote Code Execution
Pandora 7.0NG - Remote Code Execution Exploit Title: Pandora 7.0NG - Remote Code Execution Date: 2019-11-14 Exploit Author: Askar @mohammadaskar2 CVE: CVE-2019-20224 Vendor Homepage: https://pandorafms.org/ Software link: https://pandorafms.org/features/free-download-monitoring-software/ Version:...
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution
PixelStor 5000 K:4.0.1580-20150629 - Remote Code Execution Exploit Title: PixelStor 5000 - Remote Code Execution Product: PixelStor 5000 Vendor: Rasilient Date: 2020-01-08 Exploit Author: .:UND3R:. Vendor Homepage: http://rasilient.com Version: K:4.0.1580-20150629 KDI Version Tested on:...
ASTPP 4.0.1 VoIP Billing - Database Backup Download
ASTPP 4.0.1 VoIP Billing - Database Backup Download Exploit Title: ASTPP 4.0.1 VoIP Billing - Database Backup Download Date: 2019-11-18 Exploit Author: Fabien AUNAY Vendor Homepage: https://www.astppbilling.org/ Software Link: https://github.com/iNextrix/ASTPP/tree/v4.0.1 Version: 4.0.1 vendor...
TotalAV 2020 4.14.31 - Privilege Escalation
TotalAV 2020 4.14.31 - Privilege Escalation Exploit Title: TotalAV 2020 4.14.31 - Privilege Escalation Date: 2020-01-09 Exploit Author: Kusol Watchara-Apanukorn Vendor Homepage: https://www.totalav.com/ Version: 4.14.31 Fixed on: 5.3.35 Tested on: Windows 10 x64 CVE : CVE-2019-18194 Vulnerability...
MSN Password Recovery 1.30 - XML External Entity Injection
MSN Password Recovery 1.30 - XML External Entity Injection Exploit Title: MSN Password Recovery 1.30 - XML External Entity Injection Exploit Author: ZwX Exploit Date: 2020-01-08 Vendor Homepage : https://www.top-password.com/ Software Link: https://www.top-password.com/download/MSNPRSetup.exe...
ZIP Password Recovery 2.30 - ZIP File Denial of Service (PoC)
ZIP Password Recovery 2.30 - ZIP File Denial of Service PoC Exploit Title: ZIP Password Recovery 2.30 - 'ZIP File' Denial of Service PoC Exploit Author : ZwX Exploit Date: 2020-01-08 Vendor Homepage : https://www.top-password.com/purchase.html Link Software :...
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution
Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Exploit Title: Oracle Weblogic 10.3.6.0.0 - Remote Command Execution Date: 2020-01-08 Exploit Author: Waffles & Paveway3 Vendor Homepage: https://www.oracle.com/middleware/technologies/weblogic.html Version: 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0...
JetBrains TeamCity 2018.2.4 - Remote Code Execution
JetBrains TeamCity 2018.2.4 - Remote Code Execution Exploit Title: JetBrains TeamCity 2018.2.4 - Remote Code Execution Date: 2020-01-07 Exploit Author: Harrison Neal Vendor Homepage: https://www.jetbrains.com/ Software Link: https://confluence.jetbrains.com/display/TW/Previous+Releases+Downloads...
Codoforum 4.8.3 - input_txt Persistent Cross-Site Scripting
Codoforum 4.8.3 - inputtxt Persistent Cross-Site Scripting Exploit Title: Codoforum 4.8.3 - Persistent Cross-Site Scripting Google Dork: intext:"Powered by Codoforum" Date: 2020-01-07 Exploit Author: Vyshnav Vizz Vendor Homepage: https://codoforum.com/index.php Software Link:...
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow
EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Exploit Title: EBBISLAND EBBSHAVE 6100-09-04-1441 - Remote Buffer Overflow Date: 2018-09-19 Exploit Author: Harrison Neal Vendor Homepage: https://www.ibm.com/us-en/ Version: 6100-09-04-1441, 7100-03-05-1524, 7100-04-00-0000,...