Zechat 1.5 - SQL Injection / Cross-Site Request Forgery
Zechat 1.5 - SQL Injection / Cross-Site Request Forgery Exploit Title: Zechat 1.5 - 'hashtag' / 'v' SQL Injection / Cross site request forgery Date: 2018-05-22 Exploit Author: Borna nematzadeh L0RD or [email protected] Vendor Homepage: https://bylancer.com Version: 1.5 Tested on: Kali...
MakeMyTrip 7.2.4 - Information Disclosure
MakeMyTrip 7.2.4 - Information Disclosure Exploit Title: Android Application MakeMyTrip 7.2.4 - Unencrypted Database Files Date: 2018-05-21 Software Link: MakeMyTrip v7.2.4 Android Application Exploit Author: Divya Jain Version: 7.2.4 Android App CVE: CVE-2018-11242 Category: Mobileapps Tested on...
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting
Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Exploit Title: Easy File Uploader 1.7 - SQL Injection / Cross-Site Scripting Dork: N/A Date: 22.05.2018 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage:...
Nordex N149/4.0-4.5 - SQL Injection
Nordex N149/4.0-4.5 - SQL Injection Exploit Title: Nordex N149/4.0-4.5 Wind Turbine Web Server - SQL Injection Date: 21-05-2018 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.nordex-online.com Tested on: Windows Version: N149/4.0-4.5 Wind Turbine Category: webapps --- Proof Of Concept...
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service
Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Exploit Title: Siemens SIMATIC S7-1500 CPU - Remote Denial of Service Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1500 CPU all...
Feedy RSS News Ticker 2.0 - cat SQL Injection
Feedy RSS News Ticker 2.0 - cat SQL Injection Exploit Title: Feedy RSS News Ticker 2.0 - 'cat' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/feedy-rss-news-ticker/5818277 Version: 2.0 Category: Webapps Tested on: Ka...
Microsoft Edge Chakra JIT - Magic Value Type Confusion
Microsoft Edge Chakra JIT - Magic Value Type Confusion / BOOL JavascriptNativeFloatArray::SetItemuint32 index, double dValue if uint64&dValue == uint64&JavascriptNativeFloatArray::MissingItem JavascriptArray varArr = JavascriptNativeFloatArray::ToVarArraythis; varArr-DirectSetItemAtindex,...
NewsBee CMS 1.4 - download.php SQL Injection
NewsBee CMS 1.4 - download.php SQL Injection Exploit Title: NewsBee CMS 1.4 - 'download.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/19404937 Version:...
NewsBee CMS 1.4 - home-text-edit.php SQL Injection
NewsBee CMS 1.4 - home-text-edit.php SQL Injection Exploit Title: NewsBee CMS 1.4 - 'home-text-edit.php' SQL Injection Dork: N/A Date: 2018-05-22 Exploit Author: Özkan Mustafa Akkuş AkkuS Vendor Homepage: https://codecanyon.net/item/newsbee-fully-featured-news-cms-with-bootstrasp-php-mysql/194049...
Microsoft Windows - POPMOV SS Privilege Escalation
Microsoft Windows - POPMOV SS Privilege Escalation Demo exploitation of the POP SS vulnerability CVE-2018-8897, leading to unsigned code execution with kernel privileges. - KVA Shadowing should be disabled and the relevant security update should be uninstalled. - This may not work with certain...
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-22 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU family...
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass
AMD ARM Intel - Speculative Execution Variant 4 Speculative Store Bypass / ======== Intro / Overview ======== After Michael Schwarz made some interesting observations, we started looking into variants other than the three already-known ones. I noticed that Intel's Optimization Manual says in...
Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read
Dell EMC RecoverPoint boxmgmt CLI 5.1.2 - Arbitrary File Read Exploit Title: Dell EMC RecoverPoint boxmgmt CLI /etc/passwd: terminating, 34 bad configuration options Command "ssh...
PaulPrinting CMS Printing 1.0 - SQL Injection
PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Title: PaulPrinting CMS Printing 1.0 - SQL Injection Exploit Date: 2018-05-19 Software Link: https://codecanyon.net/item/paulprinting-cms-printing-solutions/19546365 Author: Mehmet Onder Key Version: 1.0 Tested On: Linux 1. Description Any...
Private Message PHP Script 2.0 - Cross-Site Scripting
Private Message PHP Script 2.0 - Cross-Site Scripting Exploit Title: Private Message PHP Script 2.0 - Persistent Cross-Site scripting Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD Vendor Homepage: https://codecanyon.net/item/private-message-php-script/21027192?srank=1 Version: 2.0 Tested...
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery
Teradek VidiU Pro 3.0.3 - Server-Side Request Forgery Teradek VidiU Pro 3.0.3 SSRF Vulnerability Vendor: Teradek, LLC Product web page: https://www.teradek.com Affected version: VidiU, VidiU Mini, VidiU Pro 3.0.3r32136 3.0.2r31225 2.4.10 Summary: The Teradek VidiU gives you the freedom to broadca...
Auto Dealership Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities
Auto Dealership Vehicle Showroom WebSys 1.0 - Multiple Vulnerabilities Exploit Title: Auto Dealership & Vehicle Showroom WebSys 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Admin panel Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or...
Microsoft Internet Explorer 11 (Windows 7 x64x86) - vbscript Code Execution
Microsoft Internet Explorer 11 Windows 7 x64x86 - vbscript Code Execution Dim lIIl Dim IIIlI6,IllII6 Dim IllI Dim IIllI40 Dim lIlIIl,lIIIll Dim IlII Dim llll,IIIIl Dim llllIl,IlIIII Dim NtContinueAddr,VirtualProtectAddr IlII=195948557...
Teradek Cube 7.3.6 - Cross-Site Request Forgery
Teradek Cube 7.3.6 - Cross-Site Request Forgery input type="submit...
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery
Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Cross-Site Scripting / Cross-Site Request Forgery Exploit Title: Flippy DamnFacts - Viral Fun Facts Sharing Script 1.1.0 - Persistent cross site scripting / Cross site request forgery Date: 2018-05-20 Dork: N/A Exploit Author: borna nematzad...
Schneider Electric PLCs - Cross-Site Request Forgery
Schneider Electric PLCs - Cross-Site Request Forgery Exploit Title: Schneider Electric PLCs - Cross-Site Request Forgery Date: 2018-05-12 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Tested on: Windows CVE: CVE-2013-0663 Version: Schneider Electric Quantum PLC:...
Teradek Slice 7.3.15 - Cross-Site Request Forgery
Teradek Slice 7.3.15 - Cross-Site Request Forgery...
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting
ManageEngine Recovery Manager Plus 5.3 - Cross-Site Scripting Exploit Title: ManageEngine Recovery Manager Plus 5.3 Build 5330 - Persistent Cross-Site Scripting Dated: 2018-03-31 Exploit Author: Ahmet GÜREL Software Link: https://www.manageengine.com/ad-recovery-manager/ Version: = 5.3 Build 5330...
R 3.4.4 - Local Buffer Overflow (DEP Bypass)
R 3.4.4 - Local Buffer Overflow DEP Bypass...
Superfood 1.0 - Multiple Vulnerabilities
Superfood 1.0 - Multiple Vulnerabilities Exploit Title: Superfood - Restaurants & Online Food Order System 1.0 - Persistent cross site scripting / Cross site request forgery / Admin panel Authentication bypass Date: 2018-05-20 Exploit Author: Borna nematzadeh L0RD or [email protected]...
Model Agency Media House Model Gallery 1.0 - Multiple Vulnerabilities
Model Agency Media House Model Gallery 1.0 - Multiple Vulnerabilities Exploit Title: Model Agency Media House & Model Gallery 1.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery / Authentication bypass Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD or...
GitBucket 4.23.1 - Remote Code Execution
GitBucket 4.23.1 - Remote Code Execution Exploit Title: GitBucket 4.23.1 Unauthenticated RCE Date: 21-05-2018 Software Link: https://github.com/gitbucket/gitbucket Exploit Author: Kacper Szurek Contact: https://twitter.com/KacperSzurek Website: https://security.szurek.pl/ Category: remote 1...
Merge PACS 7.0 - Cross-Site Request Forgery
Merge PACS 7.0 - Cross-Site Request Forgery Exploit Title: Merge PACS 7.0 - Cross-Site Request Forgery Google Dork: - Date: 2018-05-21 Exploit Author: Safak Aslan Vendor Homepage: http://www.merge.com/ Version: Merge PACS 7.0 Tested on: Windows CVE: - 1. Proof of Concept history.pushState'', '',...
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery
Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Exploit Title: Siemens SIMATIC S7-1200 CPU - Cross-Site Request Forgery Google Dork: inurl:/Portal/Portal.mwsl Date: 2018-05-21 Exploit Author: t4rkd3vilz, Jameel Nabbo Vendor Homepage: https://www.siemens.com/ Version: SIMATIC S7-1200 CPU...
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting
Wchat PHP AJAX Chat Script 1.5 - Cross-Site Scripting Exploit Title: Wchat - Fully Responsive PHP AJAX Chat Script 1.5 - Persistent cross site scripting Date: 2018-05-21 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery input type="hidden" name="pw2" value...
Zenar Content Management System - Cross-Site Scripting
Zenar Content Management System - Cross-Site Scripting Exploit Title: Zenar Content Management System - Cross-Site Scripting Software Link: https://zenar.io/ Dork: N/A Author: Berk Dusunur Tested Website: http://demo.zenar.io Date: 2018-05-20 Category: Web App PoC GET Request: POST...
D-Link DSL-3782 - Authentication Bypass
D-Link DSL-3782 - Authentication Bypass Exploit Title: D-Link DSL 3782 - Authentication Bypass Vendor Homepage: https://eu.dlink.com Version: A1WI20170303 || SWVer="V100R001B012" FWVer="3.10.0.24" FirmVer="TT77616E6771696F6E67" Category: Webapps Exploit Author: Giulio Comi CVE : CVE-2018-8898 Dat...
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow (SEH) (DEP Bypass)
Easy MPEG to DVD Burner 1.7.11 - Local Buffer Overflow SEH DEP Bypass !/usr/bin/python ------------------------------------------------------------------------------------------------------------------------------------ Exploit: Easy MPEG to DVD Burner 1.7.11 SEH + DEP Bypass Local Buffer Overflo...
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection
Joomla! Component EkRishta 2.10 - Cross-Site Scripting / SQL Injection Exploit Title: Joomla! extension EkRishta 2.10 - Persistent Cross-Site Scripting / SQL Injection Dork: N/A Date: 2018-05-18 Exploit Author: Sina Kheirkhah || [email protected] Software Link:...
HPE iMC 7.3 - Remote Code Execution (Metasploit)
HPE iMC 7.3 - Remote Code Execution Metasploit Exploit Title: HPE iMC EL Injection Unauthenticated RCE Date: 6 February, 2018 Exploit Author: TrendyTofu Vendor Homepage: https://www.hpe.com/us/en/home.html Software Link:...
Monstra CMS 3.0.4 - Cross-Site Scripting (2)
Monstra CMS 3.0.4 - Cross-Site Scripting 2 Exploit Title: Monstra CMS 3.0.4 - Cross-Site Scripting Date: 2018-05-17 Exploit Author: Berk Dusunur Vendor Homepage: https://monstra.org Software Link: https://monstra.org Version: before 3.0.4 Tested on: Pardus / Win10 AppServer Proof Of Concept Monst...
SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information Disclosure
SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information Disclosure Application: SAP NetWeaver Web Dynpro 6.4 to 7.5 - Information disclosure Versions Affected: SAP NetWeaver 6.4 - 7.5 Vendor URL: http://SAP.com Bugs: Information disclosure Enumerate users Sent: 2016-12-15 Reported: 2016-12-15 Date of Publ...
SAP B2B / B2C CRM 2.x 4.x - Local File Inclusion
SAP B2B / B2C CRM 2.x 4.x - Local File Inclusion Title: SAP B2B / B2C CRM 2.x 4.x - Local File Inclusion Application: SAP B2B OR B2C is CRM Versions Affected: SAP B2B OR B2C is CRM 2.x 3.x and 4.x with Backend R/3 to icssb2b Vendor URL: http://SAP.com Bugs: SAP LFI in B2B OR B2C CRM Sent: 2018-05-03...
Prime95 29.4b8 - Stack Buffer Overflow (SEH)
Prime95 29.4b8 - Stack Buffer Overflow SEH Exploit Title: Prime95 Local Buffer Overflow SEH Date: 13-4-2018 Exploit Author: crashmanucoot Contact: twitter.com/crashmanucoot Vendor Homepage: https://www.mersenne.org/ Software Link: https://www.mersenne.org/download/download Version: 29.4b8 Tested...
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery
Healwire Online Pharmacy 3.0 - Cross-Site Scripting / Cross-Site Request Forgery Exploit Title: Healwire Online Pharmacy 3.0 - Persistent Cross-Site Scripting / Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: L0RD Vendor Homepage:...
DynoRoot DHCP Client - Command Injection
DynoRoot DHCP Client - Command Injection Exploit Title: DynoRoot DHCP - Client Command Injection Date: 2018-05-18 Exploit Author: Kevin Kirsche Exploit Repository: https://github.com/kkirsche/CVE-2018-1111 Exploit Discoverer: Felix Wilhelm Vendor Homepage: https://www.redhat.com/ Version: RHEL 6....
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery
Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Exploit Title: Infinity Market Classified Ads Script 1.6.2 - Cross-Site Request Forgery Date: 2018-05-18 Exploit Author: L0RD Vendor Homepage:...
Microsoft Edge Chakra JIT - Bound Check Elimination Bug
Microsoft Edge Chakra JIT - Bound Check Elimination Bug / Chakra uses the InvariantBlockBackwardIterator class to backpropagate the information about the hoisted bound checks. But the class follows the linked list instead of the control flow. This may lead to incorrectly removing the bound checks. ...
Cisco SA520W Security Appliance - Path Traversal
Cisco SA520W Security Appliance - Path Traversal Title: Cisco SA520W Security Appliance - Path Traversal Author: Nassim Asrir Contact: [email protected] / https://www.linkedin.com/in/nassim-asrir-b73a57122/ Vendor: https://www.cisco.com/ About Product: =============== Cisco SA 500 Series Securit...
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution
Nanopool Claymore Dual Miner 7.3 - Remote Code Execution Exploit Title: Nanopool Claymore Dual Miner = 7.3 Remote Code Execution Date: 2018/02/09 Exploit Author: ReverseBrain Vendor Homepage: https://nanopool.org/ Software Link: https://github.com/nanopool/Claymore-Dual-Miner Version: 7.3 and lat...
Intelbras NCLOUD 300 1.0 - Authentication bypass
Intelbras NCLOUD 300 1.0 - Authentication bypass coding: utf-8 Exploit Title: Intelbras NCloud Authentication bypass Date: 16/05/2018 Exploit Author: Pedro Aguiar - [email protected] Vendor Homepage: http://www.intelbras.com.br/ Software Link:...
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery
NodAPS 4.0 - SQL injection / Cross-Site Request Forgery Exploit Title: Online Booking system - NodAPS 4.0 - 'search' SQL injection / Cross-Site Request Forgery Date: 2018-05-16 Exploit Author: Borna nematzadeh L0RD Vendor Homepage:...
Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery
Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Exploit Title: Powerlogic Schneider Electric IONXXXX Series - Cross-Site Request Forgery Date: 2018-05-17 Exploit Author: t4rkd3vilz Vendor Homepage: http://www.schneider-electric.com/ Version: ION73XX series, ION75XX series...
Linux 4.16.9 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall
Linux 4.16.9 4.14.41 - 4-byte Infoleak via Uninitialized Struct Field in compat adjtimex Syscall / Commit 3a4d44b61625 "ntp: Move adjtimex related compat syscalls to native counterparts" removed the memset in compatgettimex. Since then, the compat adjtimex syscall can invoke doadjtimex with an...